diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2011-06-30 12:22:05 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2011-06-30 12:22:05 +0000 |
| commit | 80af758239af384dad3c5bbd761f08f132355b43 (patch) | |
| tree | 983ad1e5d46ce14c9cdd0da8688236ca97766491 /package/firewall | |
| parent | 2e6940616751f9284bbe0c8ed878246e15d64549 (diff) | |
| download | upstream-80af758239af384dad3c5bbd761f08f132355b43.tar.gz upstream-80af758239af384dad3c5bbd761f08f132355b43.tar.bz2 upstream-80af758239af384dad3c5bbd761f08f132355b43.zip | |
[package] firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall')
| -rw-r--r-- | package/firewall/files/firewall.config | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config index c7bc798250..b47823fe2d 100644 --- a/package/firewall/files/firewall.config +++ b/package/firewall/files/firewall.config @@ -48,27 +48,16 @@ config rule option src wan option dest * option proto icmp - list icmp_type router-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-solicitation - list icmp_type neighbour-advertisement list icmp_type echo-request list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded + list icmp_type bad-header + list icmp_type unknown-header-type option limit 1000/sec option family ipv6 option target ACCEPT -# Drop leaking router advertisements on WAN -config rule - option src * - option dest wan - option proto icmp - option icmp_type router-advertisement - option family ipv6 - option target DROP - # include a file with users custom iptables rules config include option path /etc/firewall.user |