diff options
author | Steven Barth <cyrus@openwrt.org> | 2013-01-04 15:59:28 +0000 |
---|---|---|
committer | Steven Barth <cyrus@openwrt.org> | 2013-01-04 15:59:28 +0000 |
commit | b077480a59a66f3ed970c6a0c5336e4c28f9a27d (patch) | |
tree | 20f6fb1ad9424f6eb4c6d35ad381d8121e415a9f /package/network/config | |
parent | e952eaa112417637d67f1774e641c1cade49ed23 (diff) | |
download | upstream-b077480a59a66f3ed970c6a0c5336e4c28f9a27d.tar.gz upstream-b077480a59a66f3ed970c6a0c5336e4c28f9a27d.tar.bz2 upstream-b077480a59a66f3ed970c6a0c5336e4c28f9a27d.zip |
firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
SVN-Revision: 35012
Diffstat (limited to 'package/network/config')
-rw-r--r-- | package/network/config/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/network/config/firewall/files/firewall.config | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile index 4d7970a502..1cfc734a32 100644 --- a/package/network/config/firewall/Makefile +++ b/package/network/config/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=55 +PKG_RELEASE:=56 include $(INCLUDE_DIR)/package.mk diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config index a87413904d..6acfe1e86a 100644 --- a/package/network/config/firewall/files/firewall.config +++ b/package/network/config/firewall/files/firewall.config @@ -95,6 +95,25 @@ config rule option family ipv6 option target ACCEPT +# Block ULA-traffic from leaking out +config rule + option name Enforce-ULA-Border-Src + option src * + option dest wan + option proto all + option src_ip fc00::/7 + option family ipv6 + option target REJECT + +config rule + option name Enforce-ULA-Border-Dest + option src * + option dest wan + option proto all + option dest_ip fc00::/7 + option family ipv6 + option target REJECT + # include a file with users custom iptables rules config include option path /etc/firewall.user |