mwan3: Do not mangle outgoing ipv6 pings
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
This commit is contained in:
Aaron Goodman
parent
b7d1f81f10
commit
cf38136b00
1 changed files with 15 additions and 1 deletions
|
|
@ -240,7 +240,7 @@ mwan3_set_custom_ipset()
|
|||
|
||||
mwan3_set_connected_iptables()
|
||||
{
|
||||
local connected_network_v4 connected_network_v6
|
||||
local connected_network_v4 connected_network_v6 source_network_v6
|
||||
|
||||
$IPS -! create mwan3_connected_v4 hash:net
|
||||
$IPS create mwan3_connected_v4_temp hash:net
|
||||
|
|
@ -272,6 +272,14 @@ mwan3_set_connected_iptables()
|
|||
$IPS -! add mwan3_connected mwan3_connected_v4
|
||||
$IPS -! add mwan3_connected mwan3_connected_v6
|
||||
|
||||
$IPS -! create mwan3_source_v6 hash:net family inet6
|
||||
$IPS create mwan3_source_v6_temp hash:net family inet6
|
||||
for source_network_v6 in $($IP6 addr ls | sed -ne 's/ *inet6 \([^ \/]*\).* scope global.*/\1/p'); do
|
||||
$IPS -! add mwan3_source_v6_temp $source_network_v6
|
||||
done
|
||||
$IPS swap mwan3_source_v6_temp mwan3_source_v6
|
||||
$IPS destroy mwan3_source_v6_temp
|
||||
|
||||
$IPS -! create mwan3_dynamic_v4 hash:net
|
||||
$IPS -! add mwan3_connected mwan3_dynamic_v4
|
||||
|
||||
|
|
@ -343,6 +351,12 @@ mwan3_set_general_iptables()
|
|||
-p ipv6-icmp \
|
||||
-m icmp6 --icmpv6-type 137 \
|
||||
-j RETURN
|
||||
# do not mangle outgoing echo request
|
||||
$IPT6 -A mwan3_hook \
|
||||
-m set --match-set mwan3_source_v6 src \
|
||||
-p ipv6-icmp -m icmp6 --icmpv6-type 128 \
|
||||
-j RETURN
|
||||
|
||||
fi
|
||||
$IPT -A mwan3_hook \
|
||||
-j CONNMARK --restore-mark --nfmask $MMX_MASK --ctmask $MMX_MASK
|
||||
|
|
|
|||
Loading…
Reference in a new issue