onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 03:37:15 +01:00
Code Issues Releases Wiki Activity

* configlets/linux24/automatic_rules: implemented SF feature

Browse Source 
request 3094738 "Set the HL to 255 for IPv6 Neighbor
Discovery". Neighbor discovery packets must have hop limit of 255
per RFC 2461. Automatically generated rules that match neighbor
discovery packets will math hooplimit 255.
This commit is contained in:
Vadim Kurland 2010-10-29 16:47:28 -07:00
parent fd5553ebbd
commit 4c69594aae
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ChangeLog
View File

@ -1,5 +1,11 @@
2010-10-29 Vadim Kurland <vadim@vk.crocodile.org>
* configlets/linux24/automatic_rules: implemented SF feature
request 3094738 "Set the HL to 255 for IPv6 Neighbor
Discovery". Neighbor discovery packets must have hop limit of 255
per RFC 2461. Automatically generated rules that match neighbor
discovery packets will math hooplimit 255.
* configlets/linux24/update_addresses: fixed SF bug 3091069:
"Routing configuration failed". Iptables script generated by
fwbuilder did not configure broadcast when it added ip addresses

16
src/res/configlets/linux24/automatic_rules
View File

@ -81,14 +81,14 @@
{{if add_rules_for_ipv6_neighbor_discovery}}
# rules to permit IPv6 Neighbor discovery
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{$begin_rule}} OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT {{$end_rule}}
{{endif}}
{{if drop_invalid}}