X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/4eff224df39618193db21c29b284404e07f1f306..2ed51448ae64a1c4883ce7c76befce1f357b457e:/package/firewall/files/firewall.config

diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index c852f4b00..b47823fe2 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -8,23 +8,23 @@ config defaults
 
 config zone
 	option name		lan
-	option network	'lan'
-	option input	ACCEPT 
-	option output	ACCEPT 
-	option forward	REJECT
+	option network		'lan'
+	option input		ACCEPT 
+	option output		ACCEPT 
+	option forward		REJECT
 
 config zone
 	option name		wan
-	option network	'wan'
-	option input	REJECT
-	option output	ACCEPT 
-	option forward	REJECT
+	option network		'wan'
+	option input		REJECT
+	option output		ACCEPT 
+	option forward		REJECT
 	option masq		1 
-	option mtu_fix	1
+	option mtu_fix		1
 
 config forwarding 
-	option src      lan
-	option dest     wan
+	option src      	lan
+	option dest     	wan
 
 # We need to accept udp packets on port 68,
 # see https://dev.openwrt.org/ticket/4108
@@ -33,14 +33,30 @@ config rule
 	option proto		udp
 	option dest_port	68
 	option target		ACCEPT
-	option family	ipv4
+	option family		ipv4
 
-#Allow ping
+# Allow IPv4 ping
 config rule
-	option src wan
-	option proto icmp
-	option icmp_type echo-request
-	option target ACCEPT
+	option src		wan
+	option proto		icmp
+	option icmp_type	echo-request
+	option family		ipv4
+	option target		ACCEPT
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule                                   
+	option src		wan
+	option dest		*
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
 
 # include a file with users custom iptables rules
 config include
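Review bot: The new IPv6 ICMP rule sets both `option src wan` and `option dest *`, which in this config format normally makes it a forwarding rule, so the comment "Allow essential incoming IPv6 ICMP traffic" probably does not describe what it matches. If that reading holds, ICMPv6 addressed to the router itself still falls to the wan zone's `option input REJECT`, and hosts in every other zone become reachable by echo-request from wan; it would be clearer to retitle this rule `# Allow essential forwarded IPv6 ICMP traffic (wan -> any zone)` and add a sibling rule without `option dest` for the router's own input. The single `option limit 1000/sec` is also shared by all six types, so an echo-request flood can use up the budget and push `packet-too-big` and the other error messages to the default policy; putting echo-request in its own rule with its own limit would avoid that. Whether neighbour discovery on wan is accepted elsewhere is not visible in this hunk and is worth confirming.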