diff options
| -rw-r--r-- | changes/bug-block-ipv6-clientside | 1 | ||||
| -rwxr-xr-x | pkg/linux/bitmask-root | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug-block-ipv6-clientside b/changes/bug-block-ipv6-clientside new file mode 100644 index 00000000..9e6b88c4 --- /dev/null +++ b/changes/bug-block-ipv6-clientside @@ -0,0 +1 @@ +- Block ipv6 traffic for the moment. Closes: #5693 diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 6badeedd..6d296ecf 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -765,6 +765,17 @@ def firewall_start(args): "--dport", "53", "--destination", allowed_dns, "--jump", "ACCEPT") + # workaround for ipv6 servers being blocked and not falling back to ipv4. + # See #5693 + ip6tables("--append", "OUTPUT", "--jump", "REJECT", + "-s", "::/0", "-d", "::/0", + "-p", "tcp", + "--reject-with", "icmp6-port-unreachable") + ip6tables("--append", "OUTPUT", "--jump", "REJECT", + "-s", "::/0", "-d", "::/0", + "-p", "udp", + "--reject-with", "icmp6-port-unreachable") + def firewall_stop(): """ |