diff options
author | Tomás Touceda <chiiph@leap.se> | 2014-05-21 10:45:35 -0300 |
---|---|---|
committer | Tomás Touceda <chiiph@leap.se> | 2014-05-21 10:45:35 -0300 |
commit | 4404db408ef8175f1004dce37e622ee0f410ab98 (patch) | |
tree | 6b780434aefe9aaf73dd1c0ae48182dc782c8fa0 | |
parent | 415b6e1f58e41ba0b66c24b6a1e93aca039a5e9f (diff) | |
parent | 7360aa6241607825117b81b32cbd122bdce67beb (diff) |
Merge remote-tracking branch 'refs/remotes/kali/bug/block-ipv6-workaround' into develop
-rw-r--r-- | changes/bug-block-ipv6-clientside | 1 | ||||
-rwxr-xr-x | pkg/linux/bitmask-root | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug-block-ipv6-clientside b/changes/bug-block-ipv6-clientside new file mode 100644 index 00000000..9e6b88c4 --- /dev/null +++ b/changes/bug-block-ipv6-clientside @@ -0,0 +1 @@ +- Block ipv6 traffic for the moment. Closes: #5693 diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 6badeedd..6d296ecf 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -765,6 +765,17 @@ def firewall_start(args): "--dport", "53", "--destination", allowed_dns, "--jump", "ACCEPT") + # workaround for ipv6 servers being blocked and not falling back to ipv4. + # See #5693 + ip6tables("--append", "OUTPUT", "--jump", "REJECT", + "-s", "::/0", "-d", "::/0", + "-p", "tcp", + "--reject-with", "icmp6-port-unreachable") + ip6tables("--append", "OUTPUT", "--jump", "REJECT", + "-s", "::/0", "-d", "::/0", + "-p", "udp", + "--reject-with", "icmp6-port-unreachable") + def firewall_stop(): """ |