From: Tiago Gaspar <tiagogaspar8@gmail.com>
Date: Wed, 4 May 2022 09:36:07 +0000 (+0100)
Subject: config: remove restictions on DHCPv6 allow rule
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=72b196da6852673a12aa7fb5e251d90bc9a191d4;p=project%2Ffirewall4.git

config: remove restictions on DHCPv6 allow rule

Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
---

diff --git a/root/etc/config/firewall b/root/etc/config/firewall
index f4a3322..b9a4647 100644
--- a/root/etc/config/firewall
+++ b/root/etc/config/firewall
@@ -54,13 +54,11 @@ config rule
 	option target		ACCEPT
 
 # Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
+# see https://github.com/openwrt/openwrt/issues/5066
 config rule
 	option name		Allow-DHCPv6
 	option src		wan
 	option proto		udp
-	option src_ip		fc00::/6
-	option dest_ip		fc00::/6
 	option dest_port	546
 	option family		ipv6
 	option target		ACCEPT