firewall: Add ULA site border for IPv6 traffic This prevents private traffic from...

SVN-Revision: 35012

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 4d7970a502c8a2ad4779e8b1acd0b7372bb1557e..1cfc734a32e5b5db9c45f2bba4c7da59fedba3b4 100644 (file)
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=55
+PKG_RELEASE:=56
 
 include $(INCLUDE_DIR)/package.mk
 

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index a87413904dd0781d59e57d10255d8804981649cf..6acfe1e86a3ab84252c8cc287b3a04c43fbf8caa 100644 (file)
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -95,6 +95,25 @@ config rule
        option family           ipv6
        option target           ACCEPT
 
+# Block ULA-traffic from leaking out
+config rule
+       option name             Enforce-ULA-Border-Src
+       option src              *
+       option dest             wan
+       option proto            all
+       option src_ip           fc00::/7
+       option family           ipv6
+       option target           REJECT
+
+config rule
+       option name             Enforce-ULA-Border-Dest
+       option src              *
+       option dest             wan
+       option proto            all
+       option dest_ip          fc00::/7
+       option family           ipv6
+       option target           REJECT
+
 # include a file with users custom iptables rules
 config include
        option path /etc/firewall.user