Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-app-firewall: rules: allow ICMPv6 ND types

Browse source 
The "Match ICMP Type" dropdown had entries for router
solicitation & router advertisements, but not the more
generic neighbour solicitation & neighbour advertisements.

A LAN cannot function without Neighbour Discovery; this
means that setting a LAN interface default input policy to
REJECT breaks IPv6 WAN access for all hosts on that LAN;
as they can no longer discover their gateway's MAC address.
This can be fixed with appropriate rules allowing ND input,
which this patch allows one to do in LuCI.

The spelling is the same as in [1].

[1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config>

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
This commit is contained in:
Aaron Jones 2019-08-11 06:08:07 +00:00
parent 9def6faa4e
commit 17f3e03930
No known key found for this signature in database
GPG key ID: 50C25BA590AE7AB4
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
View file

@ -247,6 +247,8 @@ return L.view.extend({
o.value('echo-request');
o.value('router-advertisement');
o.value('router-solicitation');
o.value('neighbour-advertisement');
o.value('neighbour-solicitation');
o.value('time-exceeded');
o.value('ttl-zero-during-transit');
o.value('ttl-zero-during-reassembly');