Home Explore Help
Sign In
labriqueinternet
/
vpnclient_ynh
mirror of https://github.com/labriqueinternet/vpnclient_ynh
3
0
Fork 0
Files
Browse Source

Allow icmpv6 neighbor-solicitation

On my statically-configured instance, the neighbor-solicitation packets to the
gateway have a link local fe80:: source address and the global unicast address
of the gateway as destination.
Chl 3 years ago
parent
62ee1192bf
commit
c1f50b4de7
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      conf/hook_post-iptable-rules

+ 1 - 0
conf/hook_post-iptable-rules
View File 

@@ -43,6 +43,7 @@ do
 
 done
 
 
 ip6tables -w -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
 
+ip6tables -w -A vpnclient_out -s fe80::/10 -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
 
 ip6tables -w -A vpnclient_out -p udp --dport 5353 -d ff02::fb -j ACCEPT
 
 ip6tables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
 ip6tables -w -A vpnclient_out -j DROP