Mercurial > mbse-firewall / changeset
changeset
Allow inverse neighbour discovery solicitation (141) / advertisement (142)
Thu, 18 Dec 2014 17:01:36 +0100
- author
- Michiel Broek <mbroek@mbse.eu>
- date
- Thu, 18 Dec 2014 17:01:36 +0100
- changeset 5
- 2340826a516b
- parent 4
- 92045b0e8e17
- child 6
- be2d7c142726
Allow inverse neighbour discovery solicitation (141) / advertisement (142)
| sbin/mbse-firewall | file | annotate | diff | comparison | revisions |
--- a/sbin/mbse-firewall Thu Dec 18 16:56:55 2014 +0100 +++ b/sbin/mbse-firewall Thu Dec 18 17:01:36 2014 +0100 @@ -400,6 +400,11 @@ $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT + # Allow inverse neighbour discovery solicitation (141) / advertisement (142) + $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT + $IP6TABLES -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT + $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT + $IP6TABLES -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT # MLD messages. DROP on external interface, but ACCEPT on others. if [ -n "$IF_EXT6" -a "$IF_EXT_IS_BORDER_GW" = "1" ]; then
