forked from freifunk-franken/firmware
fff-hoods: firewall fe80::1 from Client to Batman and Node
This firewall blocks all communication with fe80::1 from a Client to Batman and to the Node. We need this because some crap devices (e.g. a wrongly connected router on a clientport) have fe80::1 as address and break our setup. Signed-off-by: Christian Dresel <fff@chrisi01.de> Tested-by: Robert Langhammer <rlanghammer@web.de> Reviewed-by: Robert Langhammer <rlanghammer@web.de> Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This commit is contained in:
parent
cb0420e2d3
commit
f8269102a5
|
@ -13,7 +13,7 @@ define Package/$(PKG_NAME)
|
|||
CATEGORY:=Freifunk
|
||||
TITLE:= Freifunk-Franken hoods
|
||||
URL:=http://www.freifunk-franken.de
|
||||
DEPENDS:=+fff-hoodutils +fff-macnock +fff-vpn-select
|
||||
DEPENDS:=+fff-hoodutils +fff-macnock +fff-vpn-select +fff-firewall
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
# Erlaube nur fe80::1 von BATMAN -> CLIENT
|
||||
ebtables -A FORWARD -p IPv6 --ip6-source fe80::1 -j IN_ONLY
|
||||
|
||||
# Erlaube nur fe80::1 von KNOTEN -> CLIENT
|
||||
ebtables -A INPUT -p IPv6 --ip6-source fe80::1 -j IN_ONLY
|
Loading…
Reference in New Issue