Le 25/06/2025 à 16:26, Gabriel Goller a écrit : > It is currently impossible to enable ipv6 forwarding on a per-interface > basis like in ipv4. To enable forwarding on an ipv6 interface we need to > enable it on all interfaces and disable it on the other interfaces using > a netfilter rule. This is especially cumbersome if you have lots of > interface and only want to enable forwarding on a few. According to the > sysctl docs [0] the `net.ipv6.conf.all.forwarding` enables forwarding > for all interfaces, while the interface-specific > `net.ipv6.conf.<interface>.forwarding` configures the interface > Host/Router configuration. > > Introduce a new sysctl flag `do_forwarding`, which can be set on every > interface. The ip6_forwarding function will then check if the global > forwarding flag OR the do_forwarding flag is active and forward the > packet. To preserver backwards-compatibility also reset the flag on all > interfaces when setting the global forwarding flag to 0. > > [0]: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt > > Signed-off-by: Gabriel Goller <g.goller@xxxxxxxxxxx> Please, export this sysctl via a NETCONFA_DO_FORWARDING attribute also. > --- > > * I don't have any hard feelings about the naming, Nicolas Dichtel > proposed `fwd_per_iface` but I think `do_forwarding` is a better fit. What about force_forwarding? > * I'm also not sure about the reset when setting the global forwarding > flag; don't know if I did that right. Feedback is welcome! It seems correct to me. > * Thanks for the help! Maybe you could align ipv6.all.do_forwarding on ipv4.all.forwarding, ie setting all existing ipv6.*.do_forwarding. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/devinet.c#n2423 Regards, Nicolas
