[OpenWrt-Devel] [PATCH] firewall: Allow MLD input on WAN

Linus Lüssing linus.luessing at c0d3.blue
Sat May 2 04:50:50 EDT 2015


The WAN port should at least respond to MLD queries as otherwise
a snooping bridge/switch might drop traffic.

Signed-off-by: Linus Lüssing <linus.luessing at c0d3.blue>
---
 package/network/config/firewall/files/firewall.config |   12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index d149e77..b9a48cd 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -59,6 +59,18 @@ config rule
 	option family		ipv6
 	option target		ACCEPT
 
+config rule
+	option name		Allow-MLD
+	option src		wan
+	option proto		icmp
+	option src_ip		fe80::/10
+	list icmp_type		'130/0'
+	list icmp_type		'131/0'
+	list icmp_type		'132/0'
+	list icmp_type		'143/0'
+	option family		ipv6
+	option target		ACCEPT
+
 # Allow essential incoming IPv6 ICMP traffic
 config rule
 	option name		Allow-ICMPv6-Input
-- 
1.7.10.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list