From a252383918afef665d492593f5564cbef501c21c Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Tue, 26 Dec 2017 22:55:34 +0100
Subject: [PATCH] gluon-core: firewall: remove redundant ICMPv6 output rules

OUTPUT is always accepted, no need to allow ICMPv6 explicitly.
---
 .../lib/gluon/upgrade/140-firewall-rules      | 22 ++-----------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules b/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
index 86ab0b533..cf13cf2ee 100755
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
@@ -59,26 +59,8 @@ for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
 		target = 'ACCEPT',
 	})
 
-	uci:section('firewall', 'rule', zone .. '_ICMPv6_out', {
-		dest = zone,
-		proto = 'icmp',
-		icmp_type = {
-			'echo-request',
-			'echo-reply',
-			'destination-unreachable',
-			'packet-too-big',
-			'time-exceeded',
-			'bad-header',
-			'unknown-header-type',
-			'router-solicitation',
-			'neighbour-solicitation',
-			'router-advertisement',
-			'neighbour-advertisement',
-		},
-		limit = '1000/sec',
-		family = 'ipv6',
-		target = 'ACCEPT',
-	})
+	-- Can be removed soon: was never in a release
+	uci:delete('firewall', zone .. '_ICMPv6_out')
 end
 
 uci:save('firewall')
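Review bot: The comment added above `uci:delete('firewall', zone .. '_ICMPv6_out')` says neither why the rule is unnecessary nor what condition allows the cleanup to be dropped later. The commit message relies on the output policy of the `mesh` and `local_client` zones being ACCEPT, but that setting is not visible in this hunk; if it were ever tightened, outgoing neighbour discovery and packet-too-big messages would have no explicit allow rule. I would record that dependency next to the delete, for example `-- Zone output policy is ACCEPT, so no explicit ICMPv6 output rule is needed; this only removes the section created by pre-release builds`. The loop body starts outside the hunk, so the zone definitions should be checked there.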
-- 
GitLab