Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

firewall: config: remove restictions on DHCPv6 allow rule

Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <[email protected]>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <[email protected]>
Tiago Gaspar 3 years ago
parent
1daaef31b3
commit
65258f5d60
2 changed files with 2 additions and 4 deletions
Split View Show Diff Stats
  1. 1 1
      package/network/config/firewall/Makefile
  2. 1 3
      package/network/config/firewall/files/firewall.config

+ 1 - 1
package/network/config/firewall/Makefile
View File 

@@ -9,7 +9,7 @@
 
 include $(TOPDIR)/rules.mk
 
 
 PKG_NAME:=firewall
 
-PKG_RELEASE:=2
 
+PKG_RELEASE:=3
 
 
 PKG_SOURCE_PROTO:=git
 
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git

+ 1 - 3
package/network/config/firewall/files/firewall.config
View File 

@@ -54,13 +54,11 @@ config rule
 
 	option target		ACCEPT
 
 
 # Allow DHCPv6 replies
 
-# see https://dev.openwrt.org/ticket/10381
 
+# see https://github.com/openwrt/openwrt/issues/5066
 
 config rule
 
 	option name		Allow-DHCPv6
 
 	option src		wan
 
 	option proto		udp
 
-	option src_ip		fc00::/6
 
-	option dest_ip		fc00::/6
 
 	option dest_port	546
 
 	option family		ipv6
 
 	option target		ACCEPT