projects / openwrt / staging / chunkeey.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
firewall: Allow IGMP and MLD input on WAN
[openwrt/staging/chunkeey.git] / package / network / config / firewall / files / firewall.config
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index a87413904dd0781d59e57d10255d8804981649cf..1a20e39ca582c77dd2a4b641de45312511de6074 100644 (file)
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -8,14 +8,15 @@ config defaults
 
 config zone
        option name             lan
 
 config zone
        option name             lan
-       option network          'lan'
+       list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option input            ACCEPT
        option output           ACCEPT
-       option forward          REJECT
+       option forward          ACCEPT
 
 config zone
        option name             wan
 
 config zone
        option name             wan
-       option network          'wan'
+       list   network          'wan'
+       list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
@@ -45,6 +46,13 @@ config rule
        option family           ipv4
        option target           ACCEPT
 
        option family           ipv4
        option target           ACCEPT
 
+config rule
+       option name             Allow-IGMP
+       option src              wan
+       option proto            igmp
+       option family           ipv4
+       option target           ACCEPT
+
 # Allow DHCPv6 replies
 # see https://dev.openwrt.org/ticket/10381
 config rule
 # Allow DHCPv6 replies
 # see https://dev.openwrt.org/ticket/10381
 config rule
@@ -58,6 +66,18 @@ config rule
        option family           ipv6
        option target           ACCEPT
 
        option family           ipv6
        option target           ACCEPT
 
+config rule
+       option name             Allow-MLD
+       option src              wan
+       option proto            icmp
+       option src_ip           fe80::/10
+       list icmp_type          '130/0'
+       list icmp_type          '131/0'
+       list icmp_type          '132/0'
+       list icmp_type          '143/0'
+       option family           ipv6
+       option target           ACCEPT
+
 # Allow essential incoming IPv6 ICMP traffic
 config rule
        option name             Allow-ICMPv6-Input
 # Allow essential incoming IPv6 ICMP traffic
 config rule
        option name             Allow-ICMPv6-Input
Staging tree of Christian Lamparter