brielle
/
Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

IPv6 DHCP

master
bbruns 2011-04-10 22:28:45 +00:00
parent f66d12b7c2
commit c5947c45eb
3 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -1,5 +1,5 @@
0.9.14 - Brielle Bruns <bruns@2mbit.com>
-
- IPv6 DHCP bypass rules (IPV6_LANDHCPSERVER)
0.9.13 - Brielle Bruns <bruns@2mbit.com>
- Fix location of ipv6 fi statement, moved to end of ipv6 rules

12
bin/firewall-sosdg
View File

@ -797,6 +797,18 @@ if [ $IPV6 ]; then
. "$BASEDIR/include/ipv6_custom_blockip"
fi
if [ "$IPV6_LANDHCPSERVER" ]; then
for i in $IPV6_LANDHCPSERVER; do
$IP6TABLES -A INPUT -i $i -p udp --sport 546:547 --dport 546:547 -j ACCEPT
$IP6TABLES -A INPUT -i $i -p tcp --sport 546:547 --dport 546:547 -j ACCEPT
$IP6TABLES -A OUTPUT -o $i -p udp --sport 546:547 --dport 546:547 -j ACCEPT
$IP6TABLES -A OUTPUT -o $i -p tcp --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A INPUT -i $i -p udp -d ff02::1:2 --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A INPUT -i $i -p tcp -d ff02::1:2 --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A OUTPUT -o $i -p udp -d fe80::/16 --sport 546:547 --dport 546:547 -j ACCEPT
#$IP6TABLES -A OUTPUT -o $i -p tcp -d fe80::/16 --sport 546:547 --dport 546:547 -j ACCEPT
done
fi
if [ -s "$BASEDIR/include/ipv6_custom_conntrack" ]; then
display_c YELLOW "Loading custom IPv6 conntrack rules..."

4
options.default
View File

@ -233,6 +233,10 @@ IPV6_PFORWARD=DROP
# Trusted IPv6 ranges
#IPV6_TRUSTED="::1"
# Do we run a LAN DHCP server? Put the interfaces here
# where this server is providing services.
#IPV6_LANDHCPSERVER="eth0 eth1"
# Allowed incoming IPv6 ports (for now, use $TCPPORTS and $UDPPORTS to
# have same for both ipv4 and ipv6)
#IPV6_TCPPORTS=$TCPPORTS