
firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem

SVN-Revision: 27321
Jo-Philipp Wich 14 years ago
parent
commit
07abf4a81e
1 changed files with 2 additions and 13 deletions
  1. 2 13
      package/firewall/files/firewall.config

+ 2 - 13
package/firewall/files/firewall.config

@@ -48,27 +48,16 @@ config rule
 	option src		wan
 	option dest		*
 	option proto		icmp
-	list icmp_type		router-solicitation
-	list icmp_type		router-advertisement
-	list icmp_type		neighbour-solicitation
-	list icmp_type		neighbour-advertisement
 	list icmp_type		echo-request
 	list icmp_type		destination-unreachable
 	list icmp_type		packet-too-big
 	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
 	option limit		1000/sec
 	option family		ipv6
 	option target		ACCEPT
 
-# Drop leaking router advertisements on WAN
-config rule
-	option src		*
-	option dest		wan
-	option proto		icmp
-	option icmp_type	router-advertisement
-	option family		ipv6
-	option target		DROP
-
 # include a file with users custom iptables rules
 config include
 	option path /etc/firewall.user
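Review bot: The Parameter Problem types added to the wan forwarding rule cover `bad-header` (code 0) and `unknown-header-type` (code 1) but leave out code 2, which RFC 4890 section 4.3.1 lists with code 1 as traffic that must not be dropped. If the firewall scripts pass the type name through to ip6tables unchanged, adding `list icmp_type		unknown-option` after the `unknown-header-type` line would close that gap. Connection tracking may already admit these errors as related traffic, but nothing in the hunk shows that. A short comment above the list, such as `# forwarded ICMPv6 error/echo types per RFC 4890 4.3.1; link-local ND/RA types are deliberately not forwarded`, would also record why the four neighbour-discovery entries and the separate router-advertisement DROP rule were removed. The rule's `config rule` header sits above the hunk, so its existing comment is not visible here.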