From 10ca3f076590d9025840c0c479e8673da4fd18bb Mon Sep 17 00:00:00 2001
From: cyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Wed, 24 Apr 2013 14:17:24 +0000
Subject: firewall3: Make IPv6 ULA-Border generation dynamic

This fixes working behind another router which gives out ULAs.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36416 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 .../network/config/firewall3/files/firewall.config | 26 ++++++----------------
 1 file changed, 7 insertions(+), 19 deletions(-)

(limited to 'package/network/config/firewall3/files/firewall.config')

diff --git a/package/network/config/firewall3/files/firewall.config b/package/network/config/firewall3/files/firewall.config
index 6acfe1e86..fa09b6819 100644
--- a/package/network/config/firewall3/files/firewall.config
+++ b/package/network/config/firewall3/files/firewall.config
@@ -95,29 +95,17 @@ config rule
 	option family		ipv6
 	option target		ACCEPT
 
-# Block ULA-traffic from leaking out
-config rule
-	option name		Enforce-ULA-Border-Src
-	option src		*
-	option dest		wan
-	option proto		all
-	option src_ip		fc00::/7
-	option family		ipv6
-	option target		REJECT
-
-config rule
-	option name		Enforce-ULA-Border-Dest
-	option src		*
-	option dest		wan
-	option proto		all
-	option dest_ip		fc00::/7
-	option family		ipv6
-	option target		REJECT
-
 # include a file with users custom iptables rules
 config include
 	option path /etc/firewall.user
 
+# include IPv6 ULA-border
+config include
+	option type script
+	option path /usr/share/firewall/ipv6-ula-border.sh
+	option family IPv6
+	option reload 1
+
 
 ### EXAMPLE CONFIG SECTIONS
 # do not allow a specific ip to access wan
-- 
cgit v1.2.3