CSF Blocking all outbound IPv6 traffic

[Wader]

Ive just setup a new server and configured a HE IPv6 tunnel, and all outbound traffic is being blocked by CSF, even though I have all ports allowed on outbound.

Code: Select all

# Allow outgoing TCP ports
TCP6_OUT = "0:65535"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP6_OUT = "0:65535"

I've added the tunnel server ipv4 address to csf.allow and can ping other ipv6 hosts. However all connections are being blocked and logged in the syslog.

Have I missed something in regards to the tunnel? I have other servers with native ipv6 with the same configs and they are working fine.

[WSWD]

I'm having the exact same problem with the HE tunnel on a few of our servers. Disabling CSF does the trick and everything works fine. Turning it on, opening all the ports, etc., does nothing.

Any means of fixing this?

[Nick57]

Any luck on this?

[yakatz]

I also have this issue. I also tried whitelisting the tunnel endpoint in case proto41 is being blocked, but that does not seem to have any effect.

[adamreece-webbox]

I concur, all outgoing traffic appears to be denied in version 9.28 (cPanel) on CentOS 6.

This can be resolved by setting IPV6_SPI to zero, however that may in fact disable a large portion of your intended IPv6 firewall rules.