firewall: config: remove restictions on DHCPv6 allow rule

Remove restrictions on source and destination addresses, which aren't specified on RFC8415, and for some reason in openwrt are configured to allow both link-local and ULA addresses. As cleared out in issue openwrt#5066 there are some ISPs that use Gloabal Unicast addresses, so fix this rule to allow them. Fixes: openwrt#5066 Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com> [rebase onto firewall3, clarify subject, bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
musashino-build · May 4, 2022 · 65258f5 · 65258f5
1 parent 1daaef3
commit 65258f5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
@@ -54,13 +54,11 @@ config rule
 	option target		ACCEPT
 
 # Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
+# see https://github.com/openwrt/openwrt/issues/5066
 config rule
 	option name		Allow-DHCPv6
 	option src		wan
 	option proto		udp
-	option src_ip		fc00::/6
-	option dest_ip		fc00::/6
 	option dest_port	546
 	option family		ipv6
 	option target		ACCEPT