Modify

Opened 5 years ago

Last modified 5 years ago

#13820 new defect

firewall: Separate v4 and v6 WAN in default firewall config

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Attitude Adjustment 12.09.1
Component: packages Version: Attitude Adjustment 12.09
Keywords: firewall3 firewall Cc:

Description

This is just a proposal for review: create a separate v6 zone for WAN, like the following example.

config zone
        option name 'wan'
        option network 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option family 'ipv4'

config zone
        option name 'wan6'
        option network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option family 'ipv6'

Advantages are:
*v6 WAN does not need masquerading
*Rules with virtual interfaces like 6in4 will not be created as redundant lines in v6 chains

Attachments (0)

Change History (1)

comment:1 Changed 5 years ago by anonymous

Sorry, I meant to say:

*Rules with virtual interfaces like 6in4 will not be created as redundant lines in v4 chains

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.