[OpenWrt-Devel] [PATCH] firewall: Allow MLD input on WAN
Linus Lüssing
linus.luessing at c0d3.blue
Sat May 2 04:50:50 EDT 2015
The WAN port should at least respond to MLD queries as otherwise
a snooping bridge/switch might drop traffic.
Signed-off-by: Linus Lüssing <linus.luessing at c0d3.blue>
---
package/network/config/firewall/files/firewall.config | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index d149e77..b9a48cd 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -59,6 +59,18 @@ config rule
option family ipv6
option target ACCEPT
+config rule
+ option name Allow-MLD
+ option src wan
+ option proto icmp
+ option src_ip fe80::/10
+ list icmp_type '130/0'
+ list icmp_type '131/0'
+ list icmp_type '132/0'
+ list icmp_type '143/0'
+ option family ipv6
+ option target ACCEPT
+
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
--
1.7.10.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list