diff options
| author | cyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-04-24 14:17:24 +0000 |
|---|---|---|
| committer | cyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-04-24 14:17:24 +0000 |
| commit | 10ca3f076590d9025840c0c479e8673da4fd18bb (patch) | |
| tree | 799f7184a1e9c5af0f7987e62c2c7ddbbf9fbfd1 /package/network/config/firewall3/files/firewall.config | |
| parent | ad3dd3bf5c341de1ee850dd142128245bf5a66c6 (diff) | |
firewall3: Make IPv6 ULA-Border generation dynamic
This fixes working behind another router which gives out ULAs.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36416 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/config/firewall3/files/firewall.config')
| -rw-r--r-- | package/network/config/firewall3/files/firewall.config | 26 |
1 files changed, 7 insertions, 19 deletions
diff --git a/package/network/config/firewall3/files/firewall.config b/package/network/config/firewall3/files/firewall.config index 6acfe1e86..fa09b6819 100644 --- a/package/network/config/firewall3/files/firewall.config +++ b/package/network/config/firewall3/files/firewall.config @@ -95,29 +95,17 @@ config rule option family ipv6 option target ACCEPT -# Block ULA-traffic from leaking out -config rule - option name Enforce-ULA-Border-Src - option src * - option dest wan - option proto all - option src_ip fc00::/7 - option family ipv6 - option target REJECT - -config rule - option name Enforce-ULA-Border-Dest - option src * - option dest wan - option proto all - option dest_ip fc00::/7 - option family ipv6 - option target REJECT - # include a file with users custom iptables rules config include option path /etc/firewall.user +# include IPv6 ULA-border +config include + option type script + option path /usr/share/firewall/ipv6-ula-border.sh + option family IPv6 + option reload 1 + ### EXAMPLE CONFIG SECTIONS # do not allow a specific ip to access wan |