firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet

SVN-Revision: 35012
master
Steven Barth 12 years ago
parent e952eaa112
commit b077480a59
  1. 2
      package/network/config/firewall/Makefile
  2. 19
      package/network/config/firewall/files/firewall.config

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2 PKG_VERSION:=2
PKG_RELEASE:=55 PKG_RELEASE:=56
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk

@ -95,6 +95,25 @@ config rule
option family ipv6 option family ipv6
option target ACCEPT option target ACCEPT
# Block ULA-traffic from leaking out
config rule
option name Enforce-ULA-Border-Src
option src *
option dest wan
option proto all
option src_ip fc00::/7
option family ipv6
option target REJECT
config rule
option name Enforce-ULA-Border-Dest
option src *
option dest wan
option proto all
option dest_ip fc00::/7
option family ipv6
option target REJECT
# include a file with users custom iptables rules # include a file with users custom iptables rules
config include config include
option path /etc/firewall.user option path /etc/firewall.user

Loading…
Cancel
Save