From 81022c95d124a62c72a819b48712e13476905edf Mon Sep 17 00:00:00 2001 From: ohrensessel Date: Sun, 19 Oct 2014 16:02:30 +0200 Subject: [PATCH] Fix ebtables dhcpv6 rules the ports were interchanged, see the following packet flow: client:546 --> [ff02::1:2]:547 server:547 --> client:546 therefore we need to allow outgoing multicast packets with dst-port 547 and unicast packets from bat0 to clients with dst-port 546 and 547 in the other direction --- .../files/lib/gluon/ebtables/110-mcast-allow-dhcpv6 | 2 +- .../files/lib/gluon/ebtables/200-dir-dhcpv6 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6 b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6 index d156de4..6d7f0f5 100644 --- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6 +++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6 @@ -1 +1 @@ -rule 'MULTICAST_OUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j RETURN' +rule 'MULTICAST_OUT -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j RETURN' diff --git a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6 b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6 index d433cdd..470a764 100644 --- a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6 +++ b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6 @@ -1,5 +1,5 @@ -rule 'FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j OUT_ONLY' -rule 'OUTPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j OUT_ONLY' +rule 'FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j OUT_ONLY' +rule 'OUTPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j OUT_ONLY' -rule 'FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j IN_ONLY' -rule 'INPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j IN_ONLY' +rule 'FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j IN_ONLY' +rule 'INPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j IN_ONLY'