authorWilliam Steve Applegate <wsapplegate@est.un.goret.info>2014-03-19 03:31:30 +0100
committerDaniil Baturin <daniil@baturin.org>2014-11-21 18:56:13 +0100
commit17b7778bb9c1b98562b46b2352ac023f7da28bc1 (patch)
treed00dcba694cd5420ac83794b3358e2b9b0fd576b /scripts/firewall
parent5714efdadd7b13ff847f4d79d018d439f4efa052 (diff)
Fix missing autogenerated chain for IPv6 policy routing.
Signed-off-by: Daniil Baturin <daniil@baturin.org>
Diffstat (limited to 'scripts/firewall')
-rwxr-xr-xscripts/firewall/vyatta-firewall.pl9
1 files changed, 9 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index b29ded9..d9fca19 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -363,9 +363,13 @@ sub add_route_table {
if ($table_count < 1) {
my $mark = 0x7FFFFFFF + $table;
system("ip rule add pref $table fwmark $mark table $table");
+ system("ip -6 rule add pref $table fwmark $mark table $table");
run_cmd("iptables -t mangle -N VYATTA_PBR_$table", 1);
run_cmd("iptables -t mangle -I VYATTA_PBR_$table 1 -j MARK --set-mark $mark", 1);
run_cmd("iptables -t mangle -I VYATTA_PBR_$table 2 -j ACCEPT", 1);
+ run_cmd("ip6tables -t mangle -N VYATTA_PBR_$table", 1);
+ run_cmd("ip6tables -t mangle -I VYATTA_PBR_$table 1 -j MARK --set-mark $mark", 1);
+ run_cmd("ip6tables -t mangle -I VYATTA_PBR_$table 2 -j ACCEPT", 1);
}
write_refcnt_file($policy_ref_file, @newlines);
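Review bot: The added `system("ip -6 rule add pref $table fwmark $mark table $table")` passes a single interpolated string to the shell and discards the exit status, like the IPv4 line above it; the matching `ip -6 rule del` in the remove_route_table hunk has the same shape. Whether `$table` is validated as an integer before this point is not visible here, so the list form is the safer spelling: `system('ip', '-6', 'rule', 'add', 'pref', $table, 'fwmark', $mark, 'table', $table) == 0 or warn "ip -6 rule add failed for table $table\n";`. Checking the status also matters because the rule and chain are created only when `$table_count < 1`; if the IPv6 call fails once, `write_refcnt_file` still records the reference and nothing visible in this hunk retries it. add_route_table's body starts and ends outside the hunk.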
@@ -393,7 +397,12 @@ sub remove_route_table {
if ($ref < 1) {
my $mark = 0x7FFFFFFF + $table;
+ system("ip -6 rule del pref $table fwmark $mark table $table");
system("ip rule del pref $table fwmark $mark table $table");
+ run_cmd("ip6tables -t mangle -D VYATTA_PBR_$table 2", 1);
+ run_cmd("ip6tables -t mangle -D VYATTA_PBR_$table 1", 1);
+ run_cmd("ip6tables -t mangle -F VYATTA_PBR_$table", 1);
+ run_cmd("ip6tables -t mangle -X VYATTA_PBR_$table", 1);
run_cmd("iptables -t mangle -D VYATTA_PBR_$table 2", 1);
run_cmd("iptables -t mangle -D VYATTA_PBR_$table 1", 1);
run_cmd("iptables -t mangle -F VYATTA_PBR_$table", 1);
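Review bot: The IPv6 teardown added here assumes a `VYATTA_PBR_$table` chain exists in ip6tables, but a table created before this change, or one whose IPv6 setup failed, has only the IPv4 chain, so the four `ip6tables` calls and `ip -6 rule del` would all fail for it. How `run_cmd` handles a non-zero exit when its second argument is `1` is not visible in this hunk; if it aborts or reports an error, the IPv4 cleanup that follows could be skipped or the commit could show a spurious failure. A comment such as `# IPv6 chain may be absent for tables created before IPv6 PBR support; failures here are expected and non-fatal` above the new lines would record the intent, provided that is what `run_cmd` actually does. remove_route_table's body starts and ends outside the hunk.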