From 33ed1eff572a4f705e1b67f43e9b2c9bc9c0e3b6 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Wed, 30 Dec 2020 16:13:58 +0100 Subject: [PATCH] banip: DHCPv6 bugfix * ignore local DHCPv6 related and local icmpv6 traffic in banIP chain Signed-off-by: Dirk Brenken --- net/banip/Makefile | 4 ++-- net/banip/files/banip.sh | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index ddcf90dc1..5ebd6456f 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,8 +6,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.3.12 -PKG_RELEASE:=3 +PKG_VERSION:=0.3.13 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/banip.sh b/net/banip/files/banip.sh index 708c88387..14cc1f5f2 100755 --- a/net/banip/files/banip.sh +++ b/net/banip/files/banip.sh @@ -13,7 +13,7 @@ # LC_ALL=C PATH="/usr/sbin:/usr/bin:/sbin:/bin" -ban_ver="0.3.12" +ban_ver="0.3.13" ban_basever="" ban_enabled=0 ban_automatic="1" @@ -410,8 +410,10 @@ f_iptadd() f_iptrule "-I" "${wan_forward} -j ${ban_chain}" if [ "${src_name##*_}" != "6" ] then - # special IPv4 rules f_iptrule "-A" "${ban_chain} -p udp --dport 67:68 --sport 67:68 -j RETURN" + else + f_iptrule "-A" "${ban_chain} -p udp -s fc00::/6 --sport 547 -d fc00::/6 --dport 546 -j RETURN" + f_iptrule "-A" "${ban_chain} -p ipv6-icmp -s fe80::/10 -d fe80::/10 -j RETURN" fi for dev in ${ban_dev} do @@ -424,8 +426,10 @@ f_iptadd() f_iptrule "-I" "${lan_forward} -j ${ban_chain}" if [ "${src_name##*_}" != "6" ] then - # special IPv4 rules f_iptrule "-A" "${ban_chain} -p udp --dport 67:68 --sport 67:68 -j RETURN" + else + f_iptrule "-A" "${ban_chain} -p udp -s fc00::/6 --sport 547 -d fc00::/6 --dport 546 -j RETURN" + f_iptrule "-A" "${ban_chain} -p ipv6-icmp -s fe80::/10 -d fe80::/10 -j RETURN" fi for dev in ${ban_dev} do