On Wed, 2 Jul 2025 09:46:18 +0200 Gabriel Goller wrote: > It is currently impossible to enable ipv6 forwarding on a per-interface > basis like in ipv4. To enable forwarding on an ipv6 interface we need to > enable it on all interfaces and disable it on the other interfaces using > a netfilter rule. This is especially cumbersome if you have lots of > interface and only want to enable forwarding on a few. According to the > sysctl docs [0] the `net.ipv6.conf.all.forwarding` enables forwarding > for all interfaces, while the interface-specific > `net.ipv6.conf.<interface>.forwarding` configures the interface > Host/Router configuration. > > Introduce a new sysctl flag `force_forwarding`, which can be set on every > interface. The ip6_forwarding function will then check if the global > forwarding flag OR the force_forwarding flag is active and forward the > packet. Should we invert the polarity? It appears that the condition below only let's this setting _disable_ forwarding. IMO calling it "force" suggests to the user that it will force it to be enabled. Nicolas, how do you feel about asking for a selftest here? The functionality is fairly trivial from datapath PoV, but feels odd to merge uAPI these days without a selftest..
