[openwrt/openwrt] firewall: config: remove restictions on DHCPv6 allow rule

LEDE Commits lede-commits at lists.infradead.org
Wed May 4 06:30:32 PDT 2022


jow pushed a commit to openwrt/openwrt.git, branch openwrt-21.02:
https://git.openwrt.org/b4ea8e1089b6db4367d9bd40654d7b16590ae19f

commit b4ea8e1089b6db4367d9bd40654d7b16590ae19f
Author: Tiago Gaspar <tiagogaspar8 at gmail.com>
AuthorDate: Wed May 4 10:36:07 2022 +0100

    firewall: config: remove restictions on DHCPv6 allow rule
    
    Remove restrictions on source and destination addresses, which aren't
    specified on RFC8415, and for some reason in openwrt are configured
    to allow both link-local and ULA addresses.
    As cleared out in issue #5066 there are some ISPs that use Gloabal
    Unicast addresses, so fix this rule to allow them.
    
    Fixes: #5066
    
    Signed-off-by: Tiago Gaspar <tiagogaspar8 at gmail.com>
    [rebase onto firewall3, clarify subject, bump PKG_RELEASE]
    Signed-off-by: Jo-Philipp Wich <jo at mein.io>
    (backported from commit 65258f5d6093809c541050256646795bc0a460a9)
---
 package/network/config/firewall/Makefile              | 2 +-
 package/network/config/firewall/files/firewall.config | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 2c0ae5b86a..9ae7c06573 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_RELEASE:=1
+PKG_RELEASE:=1.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 5e22f984ce..61cfe665e4 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -54,13 +54,11 @@ config rule
 	option target		ACCEPT
 
 # Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
+# see https://github.com/openwrt/openwrt/issues/5066
 config rule
 	option name		Allow-DHCPv6
 	option src		wan
 	option proto		udp
-	option src_ip		fc00::/6
-	option dest_ip		fc00::/6
 	option dest_port	546
 	option family		ipv6
 	option target		ACCEPT




More information about the lede-commits mailing list