|
|
@@ -41,7 +41,19 @@ for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
|
|
|
uci:section('firewall', 'rule', zone .. '_ICMPv6_in', {
|
|
|
src = zone,
|
|
|
proto = 'icmp',
|
|
|
- icmp_type = {'echo-request', 'echo-reply', 'destination-unreachable', 'packet-too-big', 'time-exceeded', 'bad-header', 'unknown-header-type', 'router-solicitation', 'neighbour-solicitation', 'router-advertisement', 'neighbour-advertisement', },
|
|
|
+ icmp_type = {
|
|
|
+ 'echo-request',
|
|
|
+ 'echo-reply',
|
|
|
+ 'destination-unreachable',
|
|
|
+ 'packet-too-big',
|
|
|
+ 'time-exceeded',
|
|
|
+ 'bad-header',
|
|
|
+ 'unknown-header-type',
|
|
|
+ 'router-solicitation',
|
|
|
+ 'neighbour-solicitation',
|
|
|
+ 'router-advertisement',
|
|
|
+ 'neighbour-advertisement',
|
|
|
+ },
|
|
|
limit = '1000/sec',
|
|
|
family = 'ipv6',
|
|
|
target = 'ACCEPT',
|
|
|
@@ -50,7 +62,19 @@ for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
|
|
|
uci:section('firewall', 'rule', zone .. '_ICMPv6_out', {
|
|
|
dest = zone,
|
|
|
proto = 'icmp',
|
|
|
- icmp_type = {'echo-request', 'echo-reply', 'destination-unreachable', 'packet-too-big', 'time-exceeded', 'bad-header', 'unknown-header-type', 'router-solicitation', 'neighbour-solicitation', 'router-advertisement', 'neighbour-advertisement' },
|
|
|
+ icmp_type = {
|
|
|
+ 'echo-request',
|
|
|
+ 'echo-reply',
|
|
|
+ 'destination-unreachable',
|
|
|
+ 'packet-too-big',
|
|
|
+ 'time-exceeded',
|
|
|
+ 'bad-header',
|
|
|
+ 'unknown-header-type',
|
|
|
+ 'router-solicitation',
|
|
|
+ 'neighbour-solicitation',
|
|
|
+ 'router-advertisement',
|
|
|
+ 'neighbour-advertisement',
|
|
|
+ },
|
|
|
limit = '1000/sec',
|
|
|
family = 'ipv6',
|
|
|
target = 'ACCEPT',
|
Matthias Schiffer