hsist
/
freifunkist-firmware
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem

Browse Source 
SVN-Revision: 27321
master
Jo-Philipp Wich 13 years ago
parent f9e4619b97
commit 07abf4a81e
1 changed files with 2 additions and 13 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 15
      package/firewall/files/firewall.config

15
package/firewall/files/firewall.config
Unescape View File

@ -48,27 +48,16 @@ config rule
option src wan option src wan
option dest * option dest *
option proto icmp option proto icmp
list icmp_type router-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-solicitation
list icmp_type neighbour-advertisement
list icmp_type echo-request list icmp_type echo-request
list icmp_type destination-unreachable list icmp_type destination-unreachable
list icmp_type packet-too-big list icmp_type packet-too-big
list icmp_type time-exceeded list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec option limit 1000/sec
option family ipv6 option family ipv6
option target ACCEPT option target ACCEPT
# Drop leaking router advertisements on WAN
config rule
option src *
option dest wan
option proto icmp
option icmp_type router-advertisement
option family ipv6
option target DROP
# include a file with users custom iptables rules # include a file with users custom iptables rules
config include config include
option path /etc/firewall.user option path /etc/firewall.user

Write Preview
Loading…
Cancel
Save