firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
SVN-Revision: 35012
This commit is contained in:
parent
e952eaa112
commit
b077480a59
2 changed files with 20 additions and 1 deletions
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
PKG_NAME:=firewall
|
||||
|
||||
PKG_VERSION:=2
|
||||
PKG_RELEASE:=55
|
||||
PKG_RELEASE:=56
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -95,6 +95,25 @@ config rule
|
|||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Block ULA-traffic from leaking out
|
||||
config rule
|
||||
option name Enforce-ULA-Border-Src
|
||||
option src *
|
||||
option dest wan
|
||||
option proto all
|
||||
option src_ip fc00::/7
|
||||
option family ipv6
|
||||
option target REJECT
|
||||
|
||||
config rule
|
||||
option name Enforce-ULA-Border-Dest
|
||||
option src *
|
||||
option dest wan
|
||||
option proto all
|
||||
option dest_ip fc00::/7
|
||||
option family ipv6
|
||||
option target REJECT
|
||||
|
||||
# include a file with users custom iptables rules
|
||||
config include
|
||||
option path /etc/firewall.user
|
||||
|
|
Loading…
Reference in a new issue