# HG changeset patch # User Michiel Broek # Date 1418918496 -3600 # Node ID 2340826a516bbe86ca59b20ba5943456b39930d7 # Parent 92045b0e8e172a6b01f0d86000e08ad58ab89a6e Allow inverse neighbour discovery solicitation (141) / advertisement (142) diff -r 92045b0e8e17 -r 2340826a516b sbin/mbse-firewall --- a/sbin/mbse-firewall Thu Dec 18 16:56:55 2014 +0100 +++ b/sbin/mbse-firewall Thu Dec 18 17:01:36 2014 +0100 @@ -400,6 +400,11 @@ $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT + # Allow inverse neighbour discovery solicitation (141) / advertisement (142) + $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT + $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT + $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT + $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT # MLD messages. DROP on external interface, but ACCEPT on others. if [ -n "$IF_EXT6" -a "$IF_EXT_IS_BORDER_GW" = "1" ]; then