block ipv6 traffic

author: Kali Kaneko <kali@leap.se> 2014-05-21 08:29:51 -0500
committer: Kali Kaneko <kali@leap.se> 2014-05-21 08:32:13 -0500
commit: 9ff5e5e8db715d84b5ae369cc59aa991cea3893c (patch)
tree: b17064d85635dd856d590417c86ade017d2590b9 /pkg/linux
parent: 415b6e1f58e41ba0b66c24b6a1e93aca039a5e9f (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 6badeedd..6d296ecf 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -765,6 +765,17 @@ def firewall_start(args):
                   "--dport", "53", "--destination", allowed_dns,
                   "--jump", "ACCEPT")
 
+    # workaround for ipv6 servers being blocked and not falling back to ipv4.
+    # See #5693
+    ip6tables("--append", "OUTPUT", "--jump", "REJECT",
+              "-s", "::/0",  "-d", "::/0",
+              "-p", "tcp",
+              "--reject-with", "icmp6-port-unreachable")
+    ip6tables("--append", "OUTPUT", "--jump", "REJECT",
+              "-s", "::/0",  "-d", "::/0",
+              "-p", "udp",
+              "--reject-with", "icmp6-port-unreachable")
+
 
 def firewall_stop():
     """
author	Kali Kaneko <kali@leap.se>	2014-05-21 08:29:51 -0500
committer	Kali Kaneko <kali@leap.se>	2014-05-21 08:32:13 -0500
commit	9ff5e5e8db715d84b5ae369cc59aa991cea3893c (patch)
tree	b17064d85635dd856d590417c86ade017d2590b9 /pkg/linux
parent	415b6e1f58e41ba0b66c24b6a1e93aca039a5e9f (diff)