firewall3: Make IPv6 ULA-Border generation dynamic

[openwrt.git] / package / network / config / firewall3 / files / firewall.config

diff --git a/package/network/config/firewall3/files/firewall.config b/package/network/config/firewall3/files/firewall.config
index 6acfe1e..fa09b68 100644 (file)
--- a/package/network/config/firewall3/files/firewall.config
+++ b/package/network/config/firewall3/files/firewall.config
@@ -95,29 +95,17 @@ config rule
        option family           ipv6
        option target           ACCEPT
 
-# Block ULA-traffic from leaking out
-config rule
-       option name             Enforce-ULA-Border-Src
-       option src              *
-       option dest             wan
-       option proto            all
-       option src_ip           fc00::/7
-       option family           ipv6
-       option target           REJECT
-
-config rule
-       option name             Enforce-ULA-Border-Dest
-       option src              *
-       option dest             wan
-       option proto            all
-       option dest_ip          fc00::/7
-       option family           ipv6
-       option target           REJECT
-
 # include a file with users custom iptables rules
 config include
        option path /etc/firewall.user
 
+# include IPv6 ULA-border
+config include
+       option type script
+       option path /usr/share/firewall/ipv6-ula-border.sh
+       option family IPv6
+       option reload 1
+
 
 ### EXAMPLE CONFIG SECTIONS
 # do not allow a specific ip to access wan