From 0fc9e1d966980881d72cff26ec8ca3c2b7f7846c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
Date: Tue, 8 Mar 2016 07:55:55 +0100
Subject: [PATCH] update config: "firewall: Allow IGMP and MLD input on WAN"
 (r45613)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adopt the according modifications to the default firewall settings of
the WAN interface from OpenWRT, revision 45613.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
---
 .../files/lib/gluon/upgrade/110-network       | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/package/gluon-core/files/lib/gluon/upgrade/110-network b/package/gluon-core/files/lib/gluon/upgrade/110-network
index d83f6d650..5de2f1f45 100755
--- a/package/gluon-core/files/lib/gluon/upgrade/110-network
+++ b/package/gluon-core/files/lib/gluon/upgrade/110-network
@@ -56,5 +56,31 @@ uci:save('network')
 uci:commit('network')
 
 
+uci:section('firewall', 'rule', 'wan_igmp',
+	    {
+	       name = 'Allow-IGMP',
+	       src = 'wan',
+	       proto = 'igmp',
+	       family = 'ipv4',
+	       target = 'ACCEPT',
+	    }
+)
+
+uci:section('firewall', 'rule', 'wan_mld',
+	    {
+	       name = 'Allow-MLD',
+	       src = 'wan',
+	       proto = 'icmp',
+	       src_ip = 'fe80::/10',
+	       icmp_type = { '130/0', '131/0', '132/0', '143/0', },
+	       family = 'ipv6',
+	       target = 'ACCEPT',
+	    }
+)
+
+uci:save('firewall')
+uci:commit('firewall')
+
+
 sysctl.set('net.ipv6.conf.all.accept_ra', 0)
 sysctl.set('net.ipv6.conf.default.accept_ra', 0)
-- 
GitLab