From 32e9f41e253d606b47efc92b97571bb3916346b2 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 21 Jan 2021 19:01:30 +0100
Subject: [PATCH] Add DHCPv6 wan firewall rules

---
 .../files/etc/uci-defaults/1980-omr-firewall  | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 204cb92f3..db2fcf39e 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -164,6 +164,28 @@ if [ "$(uci -q get firewall.allowicmpipv6)" = "" ]; then
 	EOF
 fi
 
+if [ "$(uci -q get firewall.allowdhcpv6546)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set firewall.allowdhcpv6546=rule
+		set firewall.allowdhcpv6546.target='ACCEPT'
+		set firewall.allowdhcpv6546.src='wan'
+		set firewall.allowdhcpv6546.proto='udp'
+		set firewall.allowdhcpv6546.dest_port='547'
+		set firewall.allowdhcpv6546.name='Allow DHCPv6 (546-to-547)'
+		set firewall.allowdhcpv6546.family='ipv6'
+		set firewall.allowdhcpv6546.src_port='546'
+		set firewall.allowdhcpv6547=rule
+		set firewall.allowdhcpv6547.target='ACCEPT'
+		set firewall.allowdhcpv6547.src='wan'
+		set firewall.allowdhcpv6547.proto='udp'
+		set firewall.allowdhcpv6547.dest_port='546'
+		set firewall.allowdhcpv6547.name='Allow DHCPv6 (547-to-546)'
+		set firewall.allowdhcpv6547.family='ipv6'
+		set firewall.allowdhcpv6547.src_port='547'
+		commit firewall
+	EOF
+fi
+
 # Fix firewall config from some old config
 allintf=$(uci -q get firewall.@zone[1].network)
 uci -q del firewall.@zone[1].network