firewall3: Make IPv6 ULA-Border generation dynamic
diff --git a/package/network/config/firewall3/files/ipv6-ula-border.sh b/package/network/config/firewall3/files/ipv6-ula-border.sh
new file mode 100644 (file)
index 0000000..ebd23a9
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+ULA_PREFIX=$(uci -q get network.globals.ula_prefix)
+[ -n "$ULA_PREFIX" ] || exit 0
+
+ip6tables -I delegate_forward -s $ULA_PREFIX -m comment --comment "Enforce ULA-Border" -j zone_wan_dest_REJECT
+ip6tables -I delegate_forward -d $ULA_PREFIX -m comment --comment "Enforce ULA-Border" -j zone_wan_dest_REJECT
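Review bot: The two `ip6tables -I` lines fail open: the first call's exit status is discarded, and both depend on the hard-coded chain `zone_wan_dest_REJECT`, which presumably exists only when a zone named `wan` is configured. If either insert fails, ULA-addressed traffic is subject only to the rest of the forward ruleset, and nothing beyond ip6tables' own stderr reports that the border is missing. I would quote the expansion and propagate the failure on both lines, e.g. `ip6tables -I delegate_forward -s "$ULA_PREFIX" -m comment --comment "Enforce ULA-Border" -j zone_wan_dest_REJECT || exit 1`, and the same for the `-d` rule. A header comment such as `# Requires a firewall zone named "wan"; rules are inserted at the top of delegate_forward` would record the assumption for anyone who renames the zone.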