qi-hardware/openwrt-xburst
1
0
Fork 0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 01:01:52 +02:00
Code

[package] firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
jow 2011-06-30 12:22:05 +00:00
parent 14ca52f672
commit 86a3fe1a88
1 changed files with 2 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
package/firewall/files/firewall.config
View File

@ -48,27 +48,16 @@ config rule
option src wan option src wan
option dest * option dest *
option proto icmp option proto icmp
list icmp_type router-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-solicitation
list icmp_type neighbour-advertisement
list icmp_type echo-request list icmp_type echo-request
list icmp_type destination-unreachable list icmp_type destination-unreachable
list icmp_type packet-too-big list icmp_type packet-too-big
list icmp_type time-exceeded list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec option limit 1000/sec
option family ipv6 option family ipv6
option target ACCEPT option target ACCEPT
# Drop leaking router advertisements on WAN
config rule
option src *
option dest wan
option proto icmp
option icmp_type router-advertisement
option family ipv6
option target DROP
# include a file with users custom iptables rules # include a file with users custom iptables rules
config include config include
option path /etc/firewall.user option path /etc/firewall.user