summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAaron Jones <aaronmdjones@gmail.com>2019-08-11 06:08:07 +0000
committerAaron Jones <aaronmdjones@gmail.com>2019-08-11 06:10:47 +0000
commit17f3e03930a79aecbb6ebcf851e47473d099ad32 (patch)
tree9e285558535a46d8817d13e8cbd448245313a01d
parent9def6faa4e3d35242ff4690ced5c87851441e800 (diff)
luci-app-firewall: rules: allow ICMPv6 ND types
The "Match ICMP Type" dropdown had entries for router solicitation & router advertisements, but not the more generic neighbour solicitation & neighbour advertisements. A LAN cannot function without Neighbour Discovery; this means that setting a LAN interface default input policy to REJECT breaks IPv6 WAN access for all hosts on that LAN; as they can no longer discover their gateway's MAC address. This can be fixed with appropriate rules allowing ND input, which this patch allows one to do in LuCI. The spelling is the same as in [1]. [1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config> Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js2
1 files changed, 2 insertions, 0 deletions
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index 4252cf369..e0c858fc4 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -247,6 +247,8 @@ return L.view.extend({
o.value('echo-request');
o.value('router-advertisement');
o.value('router-solicitation');
+ o.value('neighbour-advertisement');
+ o.value('neighbour-solicitation');
o.value('time-exceeded');
o.value('ttl-zero-during-transit');
o.value('ttl-zero-during-reassembly');