From 17f3e03930a79aecbb6ebcf851e47473d099ad32 Mon Sep 17 00:00:00 2001 From: Aaron Jones Date: Sun, 11 Aug 2019 06:08:07 +0000 Subject: [PATCH] luci-app-firewall: rules: allow ICMPv6 ND types The "Match ICMP Type" dropdown had entries for router solicitation & router advertisements, but not the more generic neighbour solicitation & neighbour advertisements. A LAN cannot function without Neighbour Discovery; this means that setting a LAN interface default input policy to REJECT breaks IPv6 WAN access for all hosts on that LAN; as they can no longer discover their gateway's MAC address. This can be fixed with appropriate rules allowing ND input, which this patch allows one to do in LuCI. The spelling is the same as in [1]. [1] Signed-off-by: Aaron Jones --- .../htdocs/luci-static/resources/view/firewall/rules.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js index 4252cf3691..e0c858fc41 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js @@ -247,6 +247,8 @@ return L.view.extend({ o.value('echo-request'); o.value('router-advertisement'); o.value('router-solicitation'); + o.value('neighbour-advertisement'); + o.value('neighbour-solicitation'); o.value('time-exceeded'); o.value('ttl-zero-during-transit'); o.value('ttl-zero-during-reassembly'); -- 2.30.2