[package] firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-06-30 12:22:05 +00:00 · 2011-06-30 12:22:05 +00:00 · 80af758239
parent 2e69406167
commit 80af758239
1 changed files with 2 additions and 13 deletions
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@ -48,27 +48,16 @@ config rule
 	option src		wan
 	option dest		*
 	option proto		icmp
-	list icmp_type		router-solicitation
-	list icmp_type		router-advertisement
-	list icmp_type		neighbour-solicitation
-	list icmp_type		neighbour-advertisement
 	list icmp_type		echo-request
 	list icmp_type		destination-unreachable
 	list icmp_type		packet-too-big
 	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
 	option limit		1000/sec
 	option family		ipv6
 	option target		ACCEPT

-# Drop leaking router advertisements on WAN
-config rule
-	option src		*
-	option dest		wan
-	option proto		icmp
-	option icmp_type	router-advertisement
-	option family		ipv6
-	option target		DROP
-
 # include a file with users custom iptables rules
 config include
 	option path /etc/firewall.user