From f80fb45dc24b042ca4f180999780031c8dcddd4c Mon Sep 17 00:00:00 2001
From: jow
Date: Sun, 14 Aug 2011 00:33:29 +0000
Subject: [package] firewall: further tune ICMPv6 default rules according to RFC4890 (#9893)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27979 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/files/firewall.config | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'package/firewall/files/firewall.config')

diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index b47823fe2..5a5dfd018 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -44,6 +44,22 @@ config rule
 option target ACCEPT
 
 # Allow essential incoming IPv6 ICMP traffic
+config rule
+ option src wan
+ option proto icmp
+ list icmp_type echo-request
+ list icmp_type destination-unreachable
+ list icmp_type packet-too-big
+ list icmp_type time-exceeded
+ list icmp_type bad-header
+ list icmp_type unknown-header-type
+ list icmp_type router-solicitation
+ list icmp_type neighbour-solicitation
+ option limit 1000/sec
+ option family ipv6
+ option target ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
 config rule
 option src wan
 option dest *
--
cgit v1.2.3
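Review bot: The single `option limit 1000/sec` on the new input rule is a budget shared by every listed type, so a burst of `echo-request` from wan can use it up and push `packet-too-big` or `neighbour-solicitation` past the ACCEPT to whatever the zone's input default is, presumably a drop or reject. I would move `list icmp_type echo-request` into its own `config rule` with a separate, tighter `option limit`, so that ping traffic cannot starve path-MTU discovery and neighbour discovery. Separately, RFC 4890 section 4.4.1 also lists router and neighbour advertisements among the messages a node must not drop for itself; unless another rule outside this hunk admits them, `router-advertisement` and `neighbour-advertisement` look missing from the list. The forwarded rule that the new comment labels continues past the end of the hunk, so its type list and limit could not be checked here.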