diff options
author | Tiago Gaspar <tiagogaspar8@gmail.com> | 2022-05-04 10:36:07 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2022-05-04 15:26:16 +0200 |
commit | 65258f5d6093809c541050256646795bc0a460a9 (patch) | |
tree | 976907ffabce76be58f2018318d9adae028c68e0 /package/network/config/firewall | |
parent | 1daaef31b35201a9c15a2084e25dac41b48c1867 (diff) | |
download | upstream-65258f5d6093809c541050256646795bc0a460a9.tar.gz upstream-65258f5d6093809c541050256646795bc0a460a9.tar.bz2 upstream-65258f5d6093809c541050256646795bc0a460a9.zip |
firewall: config: remove restictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'package/network/config/firewall')
-rw-r--r-- | package/network/config/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/network/config/firewall/files/firewall.config | 4 |
2 files changed, 2 insertions, 4 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile index 6296837563..9715e1f6bb 100644 --- a/package/network/config/firewall/Makefile +++ b/package/network/config/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config index 5e22f984ce..61cfe665e4 100644 --- a/package/network/config/firewall/files/firewall.config +++ b/package/network/config/firewall/files/firewall.config @@ -54,13 +54,11 @@ config rule option target ACCEPT # Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 +# see https://github.com/openwrt/openwrt/issues/5066 config rule option name Allow-DHCPv6 option src wan option proto udp - option src_ip fc00::/6 - option dest_ip fc00::/6 option dest_port 546 option family ipv6 option target ACCEPT |