IPv6 DHCP

2011-04-10 22:28:45 +00:00 · 2011-04-10 22:28:45 +00:00 · c5947c45eb
parent f66d12b7c2
commit c5947c45eb
3 changed files with 17 additions and 1 deletions
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 0.9.14 - Brielle Bruns <bruns@2mbit.com>
-	-
+	- IPv6 DHCP bypass rules (IPV6_LANDHCPSERVER)
 0.9.13 - Brielle Bruns <bruns@2mbit.com>
 	- Fix location of ipv6 fi statement, moved to end of ipv6 rules
--- a/bin/firewall-sosdg
+++ b/bin/firewall-sosdg
@ -797,6 +797,18 @@ if [ $IPV6 ]; then
 	. "$BASEDIR/include/ipv6_custom_blockip"
 fi
 if [ "$IPV6_LANDHCPSERVER" ]; then
 	for i in $IPV6_LANDHCPSERVER; do
 		$IP6TABLES -A INPUT -i $i -p udp --sport 546:547 --dport 546:547 -j ACCEPT
 		$IP6TABLES -A INPUT -i $i -p tcp --sport 546:547 --dport 546:547 -j ACCEPT
 		$IP6TABLES -A OUTPUT -o $i -p udp --sport 546:547 --dport 546:547 -j ACCEPT
 		$IP6TABLES -A OUTPUT -o $i -p tcp --sport 546:547 --dport 546:547 -j ACCEPT
 		#$IP6TABLES -A INPUT -i $i -p udp -d ff02::1:2 --sport 546:547 --dport 546:547 -j ACCEPT
 		#$IP6TABLES -A INPUT -i $i -p tcp -d ff02::1:2 --sport 546:547 --dport 546:547 -j ACCEPT
 		#$IP6TABLES -A OUTPUT -o $i -p udp -d fe80::/16 --sport 546:547 --dport 546:547 -j ACCEPT
 		#$IP6TABLES -A OUTPUT -o $i -p tcp -d fe80::/16 --sport 546:547 --dport 546:547 -j ACCEPT
 	done
 fi
 if [ -s "$BASEDIR/include/ipv6_custom_conntrack" ]; then
 	display_c YELLOW "Loading custom IPv6 conntrack rules..."
--- a/options.default
+++ b/options.default
@ -233,6 +233,10 @@ IPV6_PFORWARD=DROP
 # Trusted IPv6 ranges
 #IPV6_TRUSTED="::1"
 # Do we run a LAN DHCP server?  Put the interfaces here
 # where this server is providing services.
 #IPV6_LANDHCPSERVER="eth0 eth1"
 # Allowed incoming IPv6 ports (for now, use $TCPPORTS and $UDPPORTS to
 # have same for both ipv4 and ipv6)
 #IPV6_TCPPORTS=$TCPPORTS