From a8294ed4957841fb6e14d6710d14d4e87d191709 Mon Sep 17 00:00:00 2001
From: Tuomo Soini <tis@foobar.fi>
Date: Tue, 19 Mar 2024 11:11:49 +0200
Subject: [PATCH] AllowICMPs: listener report v2 source must be :: or fe80::/10

rfc3810 section-5

Signed-off-by: Tuomo Soini <tis@foobar.fi>
---
 Shorewall/Actions/action.AllowICMPs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Shorewall/Actions/action.AllowICMPs b/Shorewall/Actions/action.AllowICMPs
index 65ae35233..9ded6185b 100644
--- a/Shorewall/Actions/action.AllowICMPs
+++ b/Shorewall/Actions/action.AllowICMPs
@@ -30,6 +30,7 @@ DEFAULTS ACCEPT
     @1	fe80::/10	-	ipv6-icmp	131	# Listener report
     @1	fe80::/10	-	ipv6-icmp	132	# Listener done
     @1	fe80::/10	-	ipv6-icmp	router-advertisement
+    @1	::		-	ipv6-icmp	143	# Listener report v2
     @1	fe80::/10	-	ipv6-icmp	143	# Listener report v2
 
 # The following should be received with a ttl of 255 and must be allowed to transit a bridge