commit 59b0e97ac32ad76b426c56d0b785e38b4176bef5
Author: Jiri Popelka <jpopelka@redhat.com>
Date:   Wed Feb 5 17:13:38 2014 +0100

    Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)

diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 601e8f7..1d6112b 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -522,6 +522,10 @@ class Firewall:
         if self.ipv6_rpfilter_enabled:
             if self.is_table_available("ipv6", "raw"):
                 rule = [ "-t", "raw", "-I", "PREROUTING", "1",
+                         "-p", "icmpv6", "--icmpv6-type=router-advertisement",
+                         "-j", "ACCEPT" ]       # RHBZ#1058505
+                self.rule("ipv6", rule)
+                rule = [ "-t", "raw", "-I", "PREROUTING", "2",
                          "-m", "rpfilter", "--invert", "-j", "DROP" ]
                 self.rule("ipv6", rule)