firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem

SVN-Revision: 27321
Jo-Philipp Wich 2011-06-30 12:22:05 +00:00
parent f9e4619b97
commit 07abf4a81e


@ -48,27 +48,16 @@ config rule
option src wan option src wan
option dest * option dest *
option proto icmp option proto icmp
list icmp_type router-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-solicitation
list icmp_type neighbour-advertisement
list icmp_type echo-request list icmp_type echo-request
list icmp_type destination-unreachable list icmp_type destination-unreachable
list icmp_type packet-too-big list icmp_type packet-too-big
list icmp_type time-exceeded list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec option limit 1000/sec
option family ipv6 option family ipv6
option target ACCEPT option target ACCEPT
# Drop leaking router advertisements on WAN
config rule
option src *
option dest wan
option proto icmp
option icmp_type router-advertisement
option family ipv6
option target DROP
# include a file with users custom iptables rules # include a file with users custom iptables rules
config include config include
option path /etc/firewall.user option path /etc/firewall.user
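Review bot: The Parameter Problem coverage in the wan→* ICMPv6 accept rule is incomplete: it lists `bad-header` (code 0) and `unknown-header-type` (code 1) but not code 2, which ip6tables names `unknown-option`, and RFC 4890 §4.3.1 lists Parameter Problem codes 1 and 2 as the ones a firewall must not drop (code 0 is only "should normally not be dropped", §4.3.2). Adding `list icmp_type unknown-option` next to the two new entries would make the rule match the RFC the commit message cites; without it, a host behind the router never learns that a peer rejected an unrecognised IPv6 option in a packet it sent. The `config rule` header this hunk belongs to is above the hunk, and the rendered view has lost the +/- markers, so this assumes, as the message states, that `bad-header` and `unknown-header-type` are the added lines and the router/neighbour discovery types are the removed ones.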