projects / openwrt / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: df338d6) | patch
firewall: config: add dest addr restrictions for DHCPv6 rules
authorAndy Chiang <[email protected]>
Mon, 27 Oct 2025 01:34:13 +0000 (08:34 +0700)
committerRobert Marko <[email protected]>
Mon, 10 Nov 2025 14:23:16 +0000 (15:23 +0100)
commit4ad22d03429d45f9f5769af58c4521b3ff26815a
tree61790bc8fcfd1b3f7554bd9ac8baf51962279f88tree | snapshot
parentdf338d67d4afe4aa1819b2f04a442b84c75ea8c9commit | diff
firewall: config: add dest addr restrictions for DHCPv6 rules

Some ISPs may use a GUA or other non-LLA as the source addr for the DHCPv6 response, but the destination addr is always LLA (fe80::/10).
Therefore, adding a dest addr restriction improves security.
See https://forum.mikrotik.com/t/xfinity-comcast-dhcpv6-configuration-change/156031/10

Signed-off-by: Andy Chiang <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/20562
Signed-off-by: Robert Marko <[email protected]>
package/network/config/firewall/Makefile diff | blob | history
package/network/config/firewall/files/firewall.config diff | blob | history
OpenWrt Source Repository