aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config/firewall
diff options
context:
space:
mode:
authorTiago Gaspar <tiagogaspar8@gmail.com>2022-05-04 10:36:07 +0100
committerJo-Philipp Wich <jo@mein.io>2022-05-04 15:26:16 +0200
commit65258f5d6093809c541050256646795bc0a460a9 (patch)
tree976907ffabce76be58f2018318d9adae028c68e0 /package/network/config/firewall
parent1daaef31b35201a9c15a2084e25dac41b48c1867 (diff)
downloadupstream-65258f5d6093809c541050256646795bc0a460a9.tar.gz
upstream-65258f5d6093809c541050256646795bc0a460a9.tar.bz2
upstream-65258f5d6093809c541050256646795bc0a460a9.zip
firewall: config: remove restictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't specified on RFC8415, and for some reason in openwrt are configured to allow both link-local and ULA addresses. As cleared out in issue #5066 there are some ISPs that use Gloabal Unicast addresses, so fix this rule to allow them. Fixes: #5066 Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com> [rebase onto firewall3, clarify subject, bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'package/network/config/firewall')
-rw-r--r--package/network/config/firewall/Makefile2
-rw-r--r--package/network/config/firewall/files/firewall.config4
2 files changed, 2 insertions, 4 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 6296837563..9715e1f6bb 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 5e22f984ce..61cfe665e4 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -54,13 +54,11 @@ config rule
option target ACCEPT
# Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
+# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
- option src_ip fc00::/6
- option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT