AllowICMPs: certificate path solicitation source must be :: or fe80::/10

Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
Tuomo Soini 2024-03-19 11:15:37 +02:00
parent a8294ed495
commit de23e641f7

View File

@ -34,7 +34,8 @@ DEFAULTS ACCEPT
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2 @1 fe80::/10 - ipv6-icmp 143 # Listener report v2
# The following should be received with a ttl of 255 and must be allowed to transit a bridge # The following should be received with a ttl of 255 and must be allowed to transit a bridge
@1 - - ipv6-icmp 148 # Certificate path solicitation @1 :: - ipv6-icmp 148 # Certificate path solicitation
@1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation
@1 - - ipv6-icmp 149 # Certificate path advertisement @1 - - ipv6-icmp 149 # Certificate path advertisement
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge # The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge