Add DHCPv6 wan firewall rules

2025-03-09 15:40:03 +00:00 · 2021-01-21 19:01:30 +01:00 · 2021-01-21 19:01:30 +01:00 · 32e9f41e25
commit 32e9f41e25
parent 24efb0ca34
1 changed files with 22 additions and 0 deletions
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@ -164,6 +164,28 @@ if [ "$(uci -q get firewall.allowicmpipv6)" = "" ]; then
 	EOF
 fi

+if [ "$(uci -q get firewall.allowdhcpv6546)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set firewall.allowdhcpv6546=rule
+		set firewall.allowdhcpv6546.target='ACCEPT'
+		set firewall.allowdhcpv6546.src='wan'
+		set firewall.allowdhcpv6546.proto='udp'
+		set firewall.allowdhcpv6546.dest_port='547'
+		set firewall.allowdhcpv6546.name='Allow DHCPv6 (546-to-547)'
+		set firewall.allowdhcpv6546.family='ipv6'
+		set firewall.allowdhcpv6546.src_port='546'
+		set firewall.allowdhcpv6547=rule
+		set firewall.allowdhcpv6547.target='ACCEPT'
+		set firewall.allowdhcpv6547.src='wan'
+		set firewall.allowdhcpv6547.proto='udp'
+		set firewall.allowdhcpv6547.dest_port='546'
+		set firewall.allowdhcpv6547.name='Allow DHCPv6 (547-to-546)'
+		set firewall.allowdhcpv6547.family='ipv6'
+		set firewall.allowdhcpv6547.src_port='547'
+		commit firewall
+	EOF
+fi
+
 # Fix firewall config from some old config
 allintf=$(uci -q get firewall.@zone[1].network)
 uci -q del firewall.@zone[1].network