diff options
| author | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2019-10-21 21:27:11 -0400 |
|---|---|---|
| committer | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2019-10-21 21:27:11 -0400 |
| commit | 69f6f4d8db75c99a7aaa879247dd001f1e31e552 (patch) | |
| tree | 684549ef436d8922caa2a1d28970d067071bf350 | |
| parent | e50885e86989b7504636db521cf4819e396ed769 (diff) | |
fix ipv6 config
| -rw-r--r-- | config/ap.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/config/ap.nix b/config/ap.nix index eadd086..23beeed 100644 --- a/config/ap.nix +++ b/config/ap.nix @@ -25,6 +25,7 @@ in domain ip6 table filter chain INPUT { proto ipv6-icmp ACCEPT; + proto udp dport (dhcpv6-client dhcpv6-server) ACCEPT; } domain (ip ip6) table filter { @@ -54,6 +55,14 @@ in } } + domain ip6 table filter chain INPUT { + chain logdrop { + LOG log-level warning log-prefix "dropped-6 "; + DROP; + } + jump logdrop; + } + domain ip table nat { chain POSTROUTING { saddr $NET_LAN outerface $DEV_WAN MASQUERADE; @@ -93,9 +102,10 @@ in extraConfig = '' debug noipv6rs + denyinterfaces ${lan-dev} interface ${wan-dev} ipv6rs - ia_na 1 + ia_na 1 ia_pd 2 ${lan-dev}/0 ''; }; |