From 0e13e6c4f4f64c301dfbc085b7dda54f77fadce0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
Date: Sat, 5 Sep 2015 04:54:09 +0200
Subject: [PATCH] backport: "firewall: Allow IGMP and MLD input on WAN"
 (r45613)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Backport the according modifications to the default firewall settings of
the WAN interface from OpenWRT, revision 45613.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
---
 .../files/lib/gluon/upgrade/110-network       | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/package/gluon-core/files/lib/gluon/upgrade/110-network b/package/gluon-core/files/lib/gluon/upgrade/110-network
index d83f6d65..2dc80be7 100755
--- a/package/gluon-core/files/lib/gluon/upgrade/110-network
+++ b/package/gluon-core/files/lib/gluon/upgrade/110-network
@@ -56,5 +56,31 @@ uci:save('network')
 uci:commit('network')
 
 
+uci:section('firewall', 'rule', 'wan_igmp',
+	    {
+	       name = 'Allow-IGMP',
+	       src = 'wan',
+	       proto = 'igmp',
+	       family = 'ipv4',
+	       target = 'ACCEPT',
+	    }
+)
+
+uci:section('firewall', 'rule', 'wan_mld',
+	    {
+	       name = 'Allow-MLD',
+	       src = 'wan',
+	       proto = 'icmp',
+	       src_ip = 'fe80::/10',
+	       icmp_type = { '130/0', '131/0', '143/0', },
+	       family = 'ipv6',
+	       target = 'ACCEPT',
+	    }
+)
+
+uci:save('firewall')
+uci:commit('firewall')
+
+
 sysctl.set('net.ipv6.conf.all.accept_ra', 0)
 sysctl.set('net.ipv6.conf.default.accept_ra', 0)