firewall: Allow IGMP and MLD input on WAN
authorSteven Barth <cyrus@openwrt.org>
Tue, 5 May 2015 13:22:41 +0000 (13:22 +0000)
committerSteven Barth <cyrus@openwrt.org>
Tue, 5 May 2015 13:22:41 +0000 (13:22 +0000)
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.

RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
SVN-Revision: 45613

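--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -46,6 +46,13 @@ config rule
        option family           ipv4
        option target           ACCEPT
 
+config rule
+       option name             Allow-IGMP
+       option src              wan
+       option proto            igmp
+       option family           ipv4
+       option target           ACCEPT
+
 # Allow DHCPv6 replies
 # see https://dev.openwrt.org/ticket/10381
 config rule
@@ -59,6 +66,18 @@ config rule
        option family           ipv6
        option target           ACCEPT
 
+config rule
+       option name             Allow-MLD
+       option src              wan
+       option proto            icmp
+       option src_ip           fe80::/10
+       list icmp_type          '130/0'
+       list icmp_type          '131/0'
+       list icmp_type          '132/0'
+       list icmp_type          '143/0'
+       option family           ipv6
+       option target           ACCEPT
+
 # Allow essential incoming IPv6 ICMP traffic
 config rule
        option name             Allow-ICMPv6-Input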
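Review bot: Neither new rule has a comment, unlike the neighbouring `# Allow DHCPv6 replies` rule, and Allow-MLD lists bare ICMPv6 type numbers that a later maintainer cannot audit at a glance. I would add `# Allow MLD query (130), report (131), done (132) and MLDv2 report (143) from link-local sources, see RFC 4890` above Allow-MLD and `# Allow IGMP so a snooping bridge/switch keeps forwarding multicast to the WAN port` above Allow-IGMP. Allow-IGMP is also unscoped, accepting every IGMP type from any WAN source, while Allow-MLD pins both `src_ip` and the types. IPv4 has no link-local source to match on, so if that asymmetry is intentional the comment should say so. Since both rules accept unsolicited input from the WAN, a `limit` option may be worth considering on each.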