[CentOS] Re: CentOS 7, NetworkMangler, and ipv6

Thu Dec 10 20:58:11 UTC 2015
Yamaban <foerster at lisas.de>

On Thu, 10 Dec 2015 16:00, m.roth at ... wrote:

> We've started having a problem with a CentOS 7 server. It looses its IPv6
> address, if I understand this issue correctly. We can get in, if we do ssh
> -4, though.
> In the logs, I'm seeing this about twice an hour:
> <warn>  (pid 98466) unhandled DHCP event for interface ens3f0
> Now, in googling, I get very few hits putting quotes around "unhanded dhcp
> exception" - in fact, the only one I found that seemed to talk about it
> was from someone's slackware box, where there was some sort of
> configuration, perhaps similar to ifcfg-<if>, and they were telling that
> person to remove it, because it conflicted with what Networkmanager was
> trying to do, leaving it in a confused state.
> Any thoughts?
>       mark

My first thought upon reading this was:
Well, let's block / drop the irritating packets via firewall / iptables.

Is the source of these packets allowed to contact your box at all?
  - No : then block it fully, ipv4 and ipv6
  - Yes: block all dhcpv4 / dhcpv6 / radv traffic to and from this source.
    or even more aggressive: first block this box, second only open the
    minimum required ports to that box.

IMHO, Networkmanager(and its underlaying helpers) should be much more
carefull in handling Router / DHCP stuff.
It's biggest niggle for me is a missing white- and black-list for
(dis-)allowed routers / dhcp-servers.

Is this the "Right(tm)" thing to do? Dunno, but that would be my gut-telling.

  - Yamaban