diff options
author | Tiago Gaspar <tiagogaspar8@gmail.com> | 2022-05-04 10:36:07 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2022-05-04 15:30:18 +0200 |
commit | b4ea8e1089b6db4367d9bd40654d7b16590ae19f (patch) | |
tree | c25ee1b9b1774c7458c3682c87abf551363df69d /package/network | |
parent | 13c88950a25726b33bd1d2fb977f0056cc50f2a2 (diff) | |
download | upstream-b4ea8e1089b6db4367d9bd40654d7b16590ae19f.tar.gz upstream-b4ea8e1089b6db4367d9bd40654d7b16590ae19f.tar.bz2 upstream-b4ea8e1089b6db4367d9bd40654d7b16590ae19f.zip |
firewall: config: remove restictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 65258f5d6093809c541050256646795bc0a460a9)
Diffstat (limited to 'package/network')
-rw-r--r-- | package/network/config/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/network/config/firewall/files/firewall.config | 4 |
2 files changed, 2 insertions, 4 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile index 2c0ae5b86a..9ae7c06573 100644 --- a/package/network/config/firewall/Makefile +++ b/package/network/config/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall -PKG_RELEASE:=1 +PKG_RELEASE:=1.1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config index 5e22f984ce..61cfe665e4 100644 --- a/package/network/config/firewall/files/firewall.config +++ b/package/network/config/firewall/files/firewall.config @@ -54,13 +54,11 @@ config rule option target ACCEPT # Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 +# see https://github.com/openwrt/openwrt/issues/5066 config rule option name Allow-DHCPv6 option src wan option proto udp - option src_ip fc00::/6 - option dest_ip fc00::/6 option dest_port 546 option family ipv6 option target ACCEPT |