authorSteven Barth <cyrus@openwrt.org>2013-01-04 15:59:28 +0000
committerSteven Barth <cyrus@openwrt.org>2013-01-04 15:59:28 +0000
commitb077480a59a66f3ed970c6a0c5336e4c28f9a27d (patch)
tree20f6fb1ad9424f6eb4c6d35ad381d8121e415a9f /package/network/config/firewall/files/firewall.config
parente952eaa112417637d67f1774e641c1cade49ed23 (diff)
firewall: Add ULA site border for IPv6 traffic

This prevents private traffic from leaking out to the internet.
SVN-Revision: 35012
Diffstat (limited to 'package/network/config/firewall/files/firewall.config')
-rw-r--r--package/network/config/firewall/files/firewall.config19
1 files changed, 19 insertions, 0 deletions
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index a87413904d..6acfe1e86a 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -95,6 +95,25 @@ config rule
option family ipv6
option target ACCEPT
+# Block ULA-traffic from leaking out
+config rule
+ option name Enforce-ULA-Border-Src
+ option src *
+ option dest wan
+ option proto all
+ option src_ip fc00::/7
+ option family ipv6
+ option target REJECT
+
+config rule
+ option name Enforce-ULA-Border-Dest
+ option src *
+ option dest wan
+ option proto all
+ option dest_ip fc00::/7
+ option family ipv6
+ option target REJECT
+
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
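Review bot: Both new rules pair `option src *` with `option dest wan`, which as far as I can tell makes them forward-only, so ULA-addressed packets generated by the router itself and ULA-addressed packets arriving from wan are not covered by this border. If router-originated traffic is meant to be included, a counterpart rule with `option dest wan` and no `option src` would probably be needed; this is worth confirming against the firewall's rule semantics. The one-line comment should state the actual scope, for example `# Reject forwarded IPv6 packets with a ULA (fc00::/7) source or destination leaving via wan; router output and inbound traffic are not covered`. It would also help to note there that setups which deliberately route ULA prefixes over an interface in the wan zone need to disable or narrow these two rules, since they are on by default.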