X-Git-Url: https://git.archive.openwrt.org/?p=openwrt.git;a=blobdiff_plain;f=package%2Fnetwork%2Fconfig%2Ffirewall%2Ffiles%2Ffirewall.config;h=6acfe1e86a3ab84252c8cc287b3a04c43fbf8caa;hp=a87413904dd0781d59e57d10255d8804981649cf;hb=767e0521dfcd49b4cab19989d3448c265c9ea33c;hpb=b0c25645e53f791c0b72d42f0f0ac22f3e1ed60a

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index a87413904d..6acfe1e86a 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -95,6 +95,25 @@ config rule
 	option family		ipv6
 	option target		ACCEPT
 
+# Block ULA-traffic from leaking out
+config rule
+	option name		Enforce-ULA-Border-Src
+	option src		*
+	option dest		wan
+	option proto		all
+	option src_ip		fc00::/7
+	option family		ipv6
+	option target		REJECT
+
+config rule
+	option name		Enforce-ULA-Border-Dest
+	option src		*
+	option dest		wan
+	option proto		all
+	option dest_ip		fc00::/7
+	option family		ipv6
+	option target		REJECT
+
 # include a file with users custom iptables rules
 config include
 	option path /etc/firewall.user