summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall/htdocs
diff options
context:
space:
mode:
authorAaron Jones <aaronmdjones@gmail.com>2019-08-11 06:08:07 +0000
committerAaron Jones <aaronmdjones@gmail.com>2019-08-11 06:10:47 +0000
commit17f3e03930a79aecbb6ebcf851e47473d099ad32 (patch)
tree9e285558535a46d8817d13e8cbd448245313a01d /applications/luci-app-firewall/htdocs
parent9def6faa4e3d35242ff4690ced5c87851441e800 (diff)
luci-app-firewall: rules: allow ICMPv6 ND types
The "Match ICMP Type" dropdown had entries for router solicitation & router advertisements, but not the more generic neighbour solicitation & neighbour advertisements. A LAN cannot function without Neighbour Discovery; this means that setting a LAN interface default input policy to REJECT breaks IPv6 WAN access for all hosts on that LAN; as they can no longer discover their gateway's MAC address. This can be fixed with appropriate rules allowing ND input, which this patch allows one to do in LuCI. The spelling is the same as in [1]. [1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config> Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Diffstat (limited to 'applications/luci-app-firewall/htdocs')
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js2
1 files changed, 2 insertions, 0 deletions
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index 4252cf369..e0c858fc4 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -247,6 +247,8 @@ return L.view.extend({
o.value('echo-request');
o.value('router-advertisement');
o.value('router-solicitation');
+ o.value('neighbour-advertisement');
+ o.value('neighbour-solicitation');
o.value('time-exceeded');
o.value('ttl-zero-during-transit');
o.value('ttl-zero-during-reassembly');