author | Nikolay Amiantov <ab@fmap.me> | 2017-01-14 19:01:19 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2017-01-15 19:38:54 +0300 |
commit | 820b4cd067c3965f219b135adf773e3ea334774d (patch) | |
tree | 0bcac0e0bb7273f3c1716e5f4cfa27a67f5ad346 /nixos | |
parent | cb418318a046abc282ab14d98f469d3e2d264a58 (diff) |
firewall service: allow DHCPv6 client traffic
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 1c0ea5034df3d..ea406864fd3f7 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -172,13 +172,16 @@ let
 }-j nixos-fw-accept
 ''}
- # Accept all ICMPv6 messages except redirects and node
- # information queries (type 139). See RFC 4890, section
- # 4.4.
 ${optionalString config.networking.enableIPv6 ''
+ # Accept all ICMPv6 messages except redirects and node
+ # information queries (type 139). See RFC 4890, section
+ # 4.4.
 ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
 ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
 ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
+
+ # Allow this host to act as a DHCPv6 client
+ ip6tables -A nixos-fw -d fe80::/64 -p udp --dport 546 -j nixos-fw-accept
 ''}
 ${cfg.extraCommands} |
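Review bot: The new DHCPv6 rule at the end of the `enableIPv6` block is unconditional, so every host with IPv6 enabled accepts UDP to port 546 on its link-local address from any source and on any interface, whether or not a DHCPv6 client is running. Consider gating it behind a module option so that hosts with static or SLAAC-only addressing can keep the port closed. If the deployments in scope always reply from a link-local server or relay address, the match could also be narrowed, for example `ip6tables -A nixos-fw -s fe80::/10 -d fe80::/64 -p udp --dport 546 -j nixos-fw-accept`. The comment could state the exposure explicitly, for example `# Accept DHCPv6 replies (UDP 546) sent to our link-local address; applies to all interfaces`. The surrounding `let` binding starts and ends outside this hunk, so any later rule that might already constrain this traffic is not visible here.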