From 69f6f4d8db75c99a7aaa879247dd001f1e31e552 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kjetil.orbekk@gmail.com>
Date: Mon, 21 Oct 2019 21:27:11 -0400
Subject: fix ipv6 config

---
 config/ap.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/config/ap.nix b/config/ap.nix
index eadd086..23beeed 100644
--- a/config/ap.nix
+++ b/config/ap.nix
@@ -25,6 +25,7 @@ in
 
       domain ip6 table filter chain INPUT {
         proto ipv6-icmp ACCEPT;
+        proto udp dport (dhcpv6-client dhcpv6-server) ACCEPT;
       }
 
       domain (ip ip6) table filter {
@@ -54,6 +55,14 @@ in
         }
       }
 
+      domain ip6 table filter chain INPUT {
+        chain logdrop { 
+          LOG log-level warning log-prefix "dropped-6 "; 
+          DROP;
+        }
+        jump logdrop;
+      }
+
       domain ip table nat {
         chain POSTROUTING {
           saddr $NET_LAN outerface $DEV_WAN MASQUERADE;
@@ -93,9 +102,10 @@ in
     extraConfig = ''
       debug
       noipv6rs
+      denyinterfaces ${lan-dev}
       interface ${wan-dev}
         ipv6rs
-        ia_na 1
+	ia_na 1
         ia_pd 2 ${lan-dev}/0
     '';
   };
-- 
cgit v1.2.3