hak5/wifipineapple-openwrt
1
0
Fork 0
mirror of https://github.com/hak5/wifipineapple-openwrt.git synced 2025-10-29 16:57:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Add ULA site border for IPv6 traffic

Browse Source 
This prevents private traffic from leaking out to the internet

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35012 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
Steven Barth
2013-01-04 15:59:28 +00:00
parent f537f292a3
commit d2072402f7
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/network/config/firewall/Makefile
View File

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
PKG_RELEASE:=55
PKG_RELEASE:=56
include $(INCLUDE_DIR)/package.mk

19
package/network/config/firewall/files/firewall.config
View File

@@ -95,6 +95,25 @@ config rule
option family ipv6
option target ACCEPT
# Block ULA-traffic from leaking out
config rule
option name Enforce-ULA-Border-Src
option src *
option dest wan
option proto all
option src_ip fc00::/7
option family ipv6
option target REJECT
config rule
option name Enforce-ULA-Border-Dest
option src *
option dest wan
option proto all
option dest_ip fc00::/7
option family ipv6
option target REJECT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user