master
bbruns 12 years ago
parent f66d12b7c2
commit c5947c45eb
  1. 2
      ChangeLog
  2. 12
      bin/firewall-sosdg
  3. 4
      options.default

@ -1,5 +1,5 @@
0.9.14 - Brielle Bruns <bruns@2mbit.com>
-
- IPv6 DHCP bypass rules (IPV6_LANDHCPSERVER)
0.9.13 - Brielle Bruns <bruns@2mbit.com>
- Fix location of ipv6 fi statement, moved to end of ipv6 rules

@ -797,6 +797,18 @@ if [ $IPV6 ]; then
. "$BASEDIR/include/ipv6_custom_blockip"
fi
if [ "$IPV6_LANDHCPSERVER" ]; then
for i in $IPV6_LANDHCPSERVER; do
$IP6TABLES -A INPUT -i $i -p udp --sport 546:547 --dport 546:547 -j ACCEPT
$IP6TABLES -A INPUT -i $i -p tcp --sport 546:547 --dport 546:547 -j ACCEPT
$IP6TABLES -A OUTPUT -o $i -p udp --sport 546:547 --dport 546:547 -j ACCEPT
$IP6TABLES -A OUTPUT -o $i -p tcp --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A INPUT -i $i -p udp -d ff02::1:2 --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A INPUT -i $i -p tcp -d ff02::1:2 --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A OUTPUT -o $i -p udp -d fe80::/16 --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A OUTPUT -o $i -p tcp -d fe80::/16 --sport 546:547 --dport 546:547 -j ACCEPT
done
fi
if [ -s "$BASEDIR/include/ipv6_custom_conntrack" ]; then
display_c YELLOW "Loading custom IPv6 conntrack rules..."

@ -233,6 +233,10 @@ IPV6_PFORWARD=DROP
# Trusted IPv6 ranges
#IPV6_TRUSTED="::1"
# Do we run a LAN DHCP server? Put the interfaces here
# where this server is providing services.
#IPV6_LANDHCPSERVER="eth0 eth1"
# Allowed incoming IPv6 ports (for now, use $TCPPORTS and $UDPPORTS to
# have same for both ipv4 and ipv6)
#IPV6_TCPPORTS=$TCPPORTS

Loading…
Cancel
Save