projects / openwrt / svn-archive / archive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5edc780)
[backfire] merge r27979
authorJo-Philipp Wich <jow@openwrt.org>
Sun, 14 Aug 2011 00:34:04 +0000 (00:34 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Sun, 14 Aug 2011 00:34:04 +0000 (00:34 +0000)
SVN-Revision: 27980

package/firewall/Makefile patch | blob | history
package/firewall/files/firewall.config patch | blob | history
package/firewall/files/reflection.hotplug patch | blob | history

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 6f38ee48b0396f922e5a78f928616c0f9b96d69c..5924b3582d4d21e73478a29f2b7f745d680dd6e3 100644 (file)
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=33
+PKG_RELEASE:=34
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index 428c5a211c24870709a4c6ba14322f93ef724990..d2b9c0e2612e694a2bdd03d123188eed08a26f18 100644 (file)
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -44,6 +44,22 @@ config rule
        option target           ACCEPT
 
 # Allow essential incoming IPv6 ICMP traffic
+config rule
+       option src              wan
+       option proto    icmp
+       list icmp_type          echo-request
+       list icmp_type          destination-unreachable
+       list icmp_type          packet-too-big
+       list icmp_type          time-exceeded
+       list icmp_type          bad-header
+       list icmp_type          unknown-header-type
+       list icmp_type          router-solicitation
+       list icmp_type          neighbour-solicitation
+       option limit            1000/sec
+       option family           ipv6
+       option target           ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
 config rule                                   
        option src              wan
        option dest             *
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 15e350082a1230084565d2d8bbc3e9b0b09d556b..1feb21075afcb0aa30ef86032ff43764ae424257 100644 (file)
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -102,7 +102,7 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
                                local p
                                for p in ${proto:-tcp udp}; do
                                        case "$p" in
-                                               tcp|udp)
+                                               tcp|udp|6|17)
                                                        iptables -t nat -A nat_reflection_in \
                                                                -s $lanip/$lanmk -d $exthost \
                                                                -p $p $extport \
OpenWrt SVN history