X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fstaging%2Fchunkeey.git;a=blobdiff_plain;f=package%2Fnetwork%2Fconfig%2Ffirewall%2Ffiles%2Ffirewall.config;h=1a20e39ca582c77dd2a4b641de45312511de6074;hp=a87413904dd0781d59e57d10255d8804981649cf;hb=d534883a52925f39c2579e8da45fab7ca57ad84b;hpb=405e21d16731b2764ab82aaaadcf36a813b105f7

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index a87413904d..1a20e39ca5 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -8,14 +8,15 @@ config defaults
 
 config zone
 	option name		lan
-	option network		'lan'
+	list   network		'lan'
 	option input		ACCEPT
 	option output		ACCEPT
-	option forward		REJECT
+	option forward		ACCEPT
 
 config zone
 	option name		wan
-	option network		'wan'
+	list   network		'wan'
+	list   network		'wan6'
 	option input		REJECT
 	option output		ACCEPT
 	option forward		REJECT
@@ -45,6 +46,13 @@ config rule
 	option family		ipv4
 	option target		ACCEPT
 
+config rule
+	option name		Allow-IGMP
+	option src		wan
+	option proto		igmp
+	option family		ipv4
+	option target		ACCEPT
+
 # Allow DHCPv6 replies
 # see https://dev.openwrt.org/ticket/10381
 config rule
@@ -58,6 +66,18 @@ config rule
 	option family		ipv6
 	option target		ACCEPT
 
+config rule
+	option name		Allow-MLD
+	option src		wan
+	option proto		icmp
+	option src_ip		fe80::/10
+	list icmp_type		'130/0'
+	list icmp_type		'131/0'
+	list icmp_type		'132/0'
+	list icmp_type		'143/0'
+	option family		ipv6
+	option target		ACCEPT
+
 # Allow essential incoming IPv6 ICMP traffic
 config rule
 	option name		Allow-ICMPv6-Input