From 6b0814ef78e4724f83791f79ba694d110118c17e Mon Sep 17 00:00:00 2001
From: Javi Fontan <jfontan@opennebula.org>
Date: Tue, 16 May 2017 12:57:07 +0200
Subject: [PATCH] F #4159: allow ipv6 135, 136 udp ports

Patch by Roy Keene <rkeene@knightpoint.com> from:

https://dev.opennebula.org/issues/4159#note-12
---
 src/vnm_mad/remotes/lib/security_groups_iptables.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/vnm_mad/remotes/lib/security_groups_iptables.rb b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
index 0798802c7a..1d5bfc9d42 100644
--- a/src/vnm_mad/remotes/lib/security_groups_iptables.rb
+++ b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
@@ -388,6 +388,10 @@ module SGIPTables
         commands.add :ip6tables, "-A #{chain_in} -p icmpv6 --icmpv6-type 135 "\
             "-j ACCEPT"
 
+        ## Allow neighbor solicitations replies to reach the host
+        commands.add :ip6tables, "-A #{chain_in} -p icmpv6 --icmpv6-type 136 "\
+            "-j ACCEPT"
+
         ## Allow routers to send Redirect messages
         commands.add :ip6tables, "-A #{chain_in} -p icmpv6 --icmpv6-type 137 "\
             "-j ACCEPT"
@@ -396,6 +400,10 @@ module SGIPTables
         commands.add :ip6tables, "-A #{chain_out} -p icmpv6 --icmpv6-type 133 "\
             "-j ACCEPT"
 
+        ## Allow the host to send neighbor solicitation requests
+        commands.add :ip6tables, "-A #{chain_out} -p icmpv6 --icmpv6-type 135 "\
+            "-j ACCEPT"
+
         ## Allow the host to send neighbor solicitation replies
         commands.add :ip6tables, "-A #{chain_out} -p icmpv6 --icmpv6-type 136 "\
             "-j ACCEPT"