aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config
diff options
context:
space:
mode:
authorSteven Barth <cyrus@openwrt.org>2013-01-04 15:59:28 +0000
committerSteven Barth <cyrus@openwrt.org>2013-01-04 15:59:28 +0000
commitb077480a59a66f3ed970c6a0c5336e4c28f9a27d (patch)
tree20f6fb1ad9424f6eb4c6d35ad381d8121e415a9f /package/network/config
parente952eaa112417637d67f1774e641c1cade49ed23 (diff)
downloadupstream-b077480a59a66f3ed970c6a0c5336e4c28f9a27d.tar.gz
upstream-b077480a59a66f3ed970c6a0c5336e4c28f9a27d.tar.bz2
upstream-b077480a59a66f3ed970c6a0c5336e4c28f9a27d.zip
firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
SVN-Revision: 35012
Diffstat (limited to 'package/network/config')
-rw-r--r--package/network/config/firewall/Makefile2
-rw-r--r--package/network/config/firewall/files/firewall.config19
2 files changed, 20 insertions, 1 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 4d7970a502..1cfc734a32 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=55
+PKG_RELEASE:=56
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index a87413904d..6acfe1e86a 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -95,6 +95,25 @@ config rule
option family ipv6
option target ACCEPT
+# Block ULA-traffic from leaking out
+config rule
+ option name Enforce-ULA-Border-Src
+ option src *
+ option dest wan
+ option proto all
+ option src_ip fc00::/7
+ option family ipv6
+ option target REJECT
+
+config rule
+ option name Enforce-ULA-Border-Dest
+ option src *
+ option dest wan
+ option proto all
+ option dest_ip fc00::/7
+ option family ipv6
+ option target REJECT
+
# include a file with users custom iptables rules
config include
option path /etc/firewall.user