firewall: Add ULA site border for IPv6 traffic This prevents private traffic from...
authorSteven Barth <cyrus@openwrt.org>
Fri, 4 Jan 2013 15:59:28 +0000 (15:59 +0000)
committerSteven Barth <cyrus@openwrt.org>
Fri, 4 Jan 2013 15:59:28 +0000 (15:59 +0000)
SVN-Revision: 35012

package/network/config/firewall/Makefile
package/network/config/firewall/files/firewall.config

index 4d7970a..1cfc734 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=55
+PKG_RELEASE:=56
 
 include $(INCLUDE_DIR)/package.mk
 
index a874139..6acfe1e 100644 (file)
@@ -95,6 +95,25 @@ config rule
        option family           ipv6
        option target           ACCEPT
 
+# Block ULA-traffic from leaking out
+config rule
+       option name             Enforce-ULA-Border-Src
+       option src              *
+       option dest             wan
+       option proto            all
+       option src_ip           fc00::/7
+       option family           ipv6
+       option target           REJECT
+
+config rule
+       option name             Enforce-ULA-Border-Dest
+       option src              *
+       option dest             wan
+       option proto            all
+       option dest_ip          fc00::/7
+       option family           ipv6
+       option target           REJECT
+
 # include a file with users custom iptables rules
 config include
        option path /etc/firewall.user
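Review bot: Both added rules pair `src *` with `dest wan`, which as far as I can tell makes them forwarding rules only, so ULA-addressed packets generated by the router itself would not be matched and could still leave through wan. The inbound direction is not covered either: a packet arriving on wan with a source in `fc00::/7` is stopped only if the wan zone policy, which is outside this hunk, rejects it. The rules also sit after at least one IPv6 ACCEPT rule whose `src`/`dest` are not visible here, so confirm that no earlier ACCEPT matches ULA traffic heading to wan before these REJECTs are reached. The comment covers only the first rule and does not state the scope; I would replace it with `# Reject forwarded IPv6 traffic to wan whose source or destination is ULA (fc00::/7); router-originated and wan-inbound packets are not matched by these two rules`.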