diff options
Diffstat (limited to 'config/ap.nix')
-rw-r--r-- | config/ap.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/config/ap.nix b/config/ap.nix index eadd086..23beeed 100644 --- a/config/ap.nix +++ b/config/ap.nix @@ -25,6 +25,7 @@ in domain ip6 table filter chain INPUT { proto ipv6-icmp ACCEPT; + proto udp dport (dhcpv6-client dhcpv6-server) ACCEPT; } domain (ip ip6) table filter { @@ -54,6 +55,14 @@ in } } + domain ip6 table filter chain INPUT { + chain logdrop { + LOG log-level warning log-prefix "dropped-6 "; + DROP; + } + jump logdrop; + } + domain ip table nat { chain POSTROUTING { saddr $NET_LAN outerface $DEV_WAN MASQUERADE; @@ -93,9 +102,10 @@ in extraConfig = '' debug noipv6rs + denyinterfaces ${lan-dev} interface ${wan-dev} ipv6rs - ia_na 1 + ia_na 1 ia_pd 2 ${lan-dev}/0 ''; }; |