From 98f3f63842ce450096a0af8ee7c81608374054de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20L=C3=BCssing?= Date: Sat, 1 May 2021 22:34:38 +0200 Subject: [PATCH] gluon-ebtables-filter-multicast: relax IPv6 multicast firewall rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow the transmission of IPv6 multicast packets as long as they are not flooded through the whole mesh. Signed-off-by: Linus Lüssing --- .../luasrc/lib/gluon/ebtables/355-mcast-drop | 2 ++ .../gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh | 1 + 2 files changed, 3 insertions(+) diff --git a/package/gluon-ebtables-filter-multicast/luasrc/lib/gluon/ebtables/355-mcast-drop b/package/gluon-ebtables-filter-multicast/luasrc/lib/gluon/ebtables/355-mcast-drop index 46ac01a5..a47dda7e 100644 --- a/package/gluon-ebtables-filter-multicast/luasrc/lib/gluon/ebtables/355-mcast-drop +++ b/package/gluon-ebtables-filter-multicast/luasrc/lib/gluon/ebtables/355-mcast-drop @@ -1 +1,3 @@ +rule ('MULTICAST_OUT -p IPv6 --ip6-dst ff02::1/128 -j DROP') +rule ('MULTICAST_OUT -p IPv6 --ip6-dst ff00::/8 -j mark --set-mark 0x4 --mark-target RETURN') rule ('MULTICAST_OUT -j DROP') diff --git a/package/gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh b/package/gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh index 297aa5db..737cac62 100755 --- a/package/gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh +++ b/package/gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh @@ -47,6 +47,7 @@ proto_gluon_bat0_setup() { batctl orig_interval 5000 batctl hop_penalty "$(lookup_uci 'gluon.mesh_batman_adv.hop_penalty' 15)" + batctl noflood_mark 0x4/0x4 case "$gw_mode" in server)