#20295: default firewall config breaks dhcpv6
------------------------------------+------------------------
 Reporter:  k+openwrt@…             |      Owner:  developers
     Type:  defect                  |     Status:  new
 Priority:  normal                  |  Milestone:
Component:  packages                |    Version:  Trunk
 Keywords:  firewall, ipv6, dhcpv6  |
------------------------------------+------------------------
 The default firewall config as of r46508 [1] breaks receiving dhcpv6
 replies as it only permits packets originating from port 547.

 RFC 3315 defines only destination ports, no source ports.

 E.g. wide-dhcpv6 seems to send the replies from a randomly chosen port.

 Please remove the "src_port" option from the "Allow-DHCPv6" rule in
 /etc/config/firewall resulting in:
 {{{
 config rule
         option name             Allow-DHCPv6
         option src              wan
         option proto            udp
         option src_ip           fe80::/10
         option dest_ip          fe80::/10
         option dest_port        546
         option family           ipv6
         option target           ACCEPT
 }}}

 [1]: https://dev.openwrt.org/browser/branches/chaos_calmer/package/network/config/firewall/files/firewall.config?rev=46508

--
Ticket URL: <https://dev.openwrt.org/ticket/20295>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
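
A check for the condition this ticket describes, as an added example that is not part of the original ticket or of OpenWrt's code: it scans a UCI firewall config for rules that accept UDP to the DHCPv6 client port 546 but also set src_port. The function names and the sample config (the ticket's rule with a src_port 547 line put back, plus a reduced rule under a constructed name) are assumptions.

```shell
#!/bin/sh
# Print rules that accept explicit UDP to port 546 (DHCPv6 client) yet set src_port.
# Reads UCI firewall config from the files given as arguments, or from stdin.
dhcpv6_src_port_rules() {
    awk -v q="'" '
    function unquote(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    function report() {
        if (in_rule && proto ~ /(^| )udp( |$)/ && dport == "546" && sport != "")
            printf "%s src_port=%s\n", (name != "" ? name : "(unnamed)"), sport
        in_rule = 0; name = proto = dport = sport = ""
    }
    $1 == "config" { report(); in_rule = (unquote($2) == "rule"); next }
    in_rule && $1 == "option" {
        val = $0                      # keep multi-word values such as "tcp udp"
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        sub(/[ \t]+$/, "", val)
        val = unquote(val)
        if ($2 == "name") name = val
        else if ($2 == "proto") proto = val
        else if ($2 == "dest_port") dport = val
        else if ($2 == "src_port") sport = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: first rule pins the source port, second does not.
sample_config() {
    cat <<'EOF'
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fe80::/10
        option src_port         547
        option dest_ip          fe80::/10
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-DHCPv6-any-sport
        option proto            udp
        option dest_port        546
        option target           ACCEPT
EOF
}

sample_config | dhcpv6_src_port_rules   # prints: Allow-DHCPv6 src_port=547
```

On a router the same function can be pointed at the live file: `dhcpv6_src_port_rules /etc/config/firewall`.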