commit 42a997143a5c9c4ff89045752cd7e52e400fd93d
Author: Thomas Woerner <twoerner@redhat.com>
Date:   Thu Sep 1 18:08:10 2016 +0200

    firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules
    
    The existing transaction will be executed before trying to add the rules for
    ipv6_rpfilter, and the transaction is executed again afterwards. If the
    transaction with the ipv6_rpfilter rules fails, a warning is printed out and
    the remaining rules are applied afterwards.

diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 0685258..b4450ee 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -627,6 +627,12 @@ class Firewall(object):
 
         if self.ipv6_rpfilter_enabled and \
            "raw" in self.get_available_tables("ipv6"):
+
+            # Execute existing transaction
+            transaction.execute(True)
+            # Start new transaction
+            transaction.clear()
+
             # here is no check for ebtables.restore_noflush_option needed
             # as ebtables is not used in here
             transaction.add_rule("ipv6",
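Review bot: The added `transaction.execute(True)` and `transaction.clear()` at the top of the ipv6_rpfilter branch run regardless of `use_transaction`, whereas the `else` branch in the second hunk still executes only when `use_transaction is None`. If `transaction` can be one handed in by the caller (its assignment is outside the hunk), the caller's pending rules are committed and cleared here earlier than the caller intended, and a failure of those earlier rules now surfaces from this call. I would at least document that above the call, e.g. `# NOTE: commits and clears a caller-supplied transaction as well; rules queued before this point are applied here`, or build the rpfilter rules in a transaction of their own so the caller's batch stays intact.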
@@ -644,8 +650,17 @@ class Firewall(object):
                                        "-j", "LOG",
                                        "--log-prefix", "rpfilter_DROP: " ])
 
-        if use_transaction is None:
-            transaction.execute(True)
+            # Execute ipv6_rpfilter transaction, it might fail
+            try:
+                transaction.execute(True)
+            except FirewallError as msg:
+                log.warning("Applying rules for ipv6_rpfilter failed: %s", msg)
+            # Start new transaction
+            transaction.clear()
+
+        else:
+            if use_transaction is None:
+                transaction.execute(True)
 
     # flush and policy
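Review bot: The new `except FirewallError` branch turns a failure to install the IPv6 reverse-path filter rules into a warning only, and nothing in the hunk records that these anti-spoofing rules are missing: `self.ipv6_rpfilter_enabled` stays set, so the configured state and the applied ruleset can disagree. Consider recording the outcome in the handler, for example `self.ipv6_rpfilter_enabled = False` after the `log.warning(...)` call (only if other code reads that attribute as the effective state, which is not visible here), and say in the message that IPv6 reverse-path filtering is not active. Whether `transaction.execute(True)` rolls back a partially applied rule set before the following `transaction.clear()` is not visible in the hunk; a comment stating that would help. The enclosing method starts outside the hunk.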