[package] firewall: refine default ICMPv6 rules to better conform with RFC4890, do...

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index c7bc798..b47823f 100644 (file)
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -48,27 +48,16 @@ config rule
        option src              wan
        option dest             *
        option proto            icmp
-       list icmp_type          router-solicitation
-       list icmp_type          router-advertisement
-       list icmp_type          neighbour-solicitation
-       list icmp_type          neighbour-advertisement
        list icmp_type          echo-request
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
+       list icmp_type          bad-header
+       list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT
 
-# Drop leaking router advertisements on WAN
-config rule
-       option src              *
-       option dest             wan
-       option proto            icmp
-       option icmp_type        router-advertisement
-       option family           ipv6
-       option target           DROP
-
 # include a file with users custom iptables rules
 config include
        option path /etc/firewall.user