AllowICMPs: certificate path advertisment source must be fe80::/10

Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
Tuomo Soini 2024-03-19 11:17:00 +02:00
parent de23e641f7
commit 5a66c1d9d6

View File

@ -36,7 +36,7 @@ DEFAULTS ACCEPT
# The following should be received with a ttl of 255 and must be allowed to transit a bridge # The following should be received with a ttl of 255 and must be allowed to transit a bridge
@1 :: - ipv6-icmp 148 # Certificate path solicitation @1 :: - ipv6-icmp 148 # Certificate path solicitation
@1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation @1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation
@1 - - ipv6-icmp 149 # Certificate path advertisement @1 fe80::/10 - ipv6-icmp 149 # Certificate path advertisement
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge # The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
@1 fe80::/10 - ipv6-icmp 151 # Multicast router advertisement @1 fe80::/10 - ipv6-icmp 151 # Multicast router advertisement