On 07/12/2020 00:50, Freek de Kruijf wrote:

Op zondag 6 december 2020 12:30:46 CET schreef Ed Greshko:

Hi,

System is a Fedora 33 VM running firewalld-0.8.4-1.

I have:

[root@f33k ~]# firewall-cmd --get-active-zones
drop
   interfaces: enp1s0

enp1s0 has addresses 192.168.122.26 and 2001:b030:112f:2::53.

If I try to ssh to it from another system I get....

[egreshko@meimei ~]$ ssh 192.168.122.26
^C

Meaning it "hangs" until I ctrl-C it or it will timeout at some point if
left alone.

But I get this using the IPv6 address

[egreshko@meimei ~]$ ssh 2001:b030:112f:2::53
ssh: connect to host 2001:b030:112f:2::53 port 22: No route to host

So, is this a difference in how the FW handles IPv6 or due to how IPv6 works
on the source side?

Thanks,
Ed

You gave us some insight in the firewall configuration. It looks you drop all 
incoming traffic on enp1s0. So the ssh connection to IPv4 gets no answer.
For your IPv6 connection attempt it is important to know what the 
configuration is on the system you tried to make this connection from. So what 
is the output of "ip -6 r" on that system?

[egreshko@meimei ~]$ ip -6 r
::1 dev lo proto kernel metric 256 pref medium
2001:b030:112f::/64 dev enp2s0 proto kernel metric 100 pref medium
2001:b030:112f:2::/64 dev virbr0 proto kernel metric 256 pref medium
fe80::/64 dev enp2s0 proto kernel metric 100 pref medium
fe80::/64 dev virbr0 proto kernel metric 256 pref medium
fe80::/64 dev vnet0 proto kernel metric 256 pref medium
fe80::/64 dev vnet1 proto kernel metric 256 pref medium
fe80::/64 dev wlp4s0 proto kernel metric 600 pref medium
default via 2001:b030:112f::1 dev enp2s0 proto static metric 100 pref medium