These are recommended practices by REC-22 and REC-24 of RFC6092:
"Recommended Simple Security Capabilities in Customer Premises Equipment
(CPE) for Providing Residential IPv6 Internet Service"
Fixes FS#640
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
There is no RFC requirement that DHCPv6 servers must reply with a link local
address and some ISP servers in the wild appear to using addresses in the ULA
range to send DHCPv6 offers.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47048
Seems like my second try was again whitespace broken. Sorry for the noise.
Remove src_port from firewall.config to receive dhcpv6 replies. Fixes#20295.
Signed-off-by: Anselm Eberhardt <a.eberhardt@cygnusnetworks.de>
SVN-Revision: 46842
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.
RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
SVN-Revision: 45613
Yousong Zhou
Jo-Philipp Wich
Steven Barth
Felix Fietkau