Merge remote-tracking branch 'refs/remotes/kali/bug/block-ipv6-workaround' into develop

author: Tomás Touceda <chiiph@leap.se> 2014-05-21 10:45:35 -0300
committer: Tomás Touceda <chiiph@leap.se> 2014-05-21 10:45:35 -0300
commit: 4404db408ef8175f1004dce37e622ee0f410ab98 (patch)
tree: 6b780434aefe9aaf73dd1c0ae48182dc782c8fa0
parent: 415b6e1f58e41ba0b66c24b6a1e93aca039a5e9f (diff)
parent: 7360aa6241607825117b81b32cbd122bdce67beb (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug-block-ipv6-clientside b/changes/bug-block-ipv6-clientside
new file mode 100644
index 00000000..9e6b88c4
--- /dev/null
+++ b/changes/bug-block-ipv6-clientside
@@ -0,0 +1 @@
+- Block ipv6 traffic for the moment. Closes: #5693
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 6badeedd..6d296ecf 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -765,6 +765,17 @@ def firewall_start(args):
                   "--dport", "53", "--destination", allowed_dns,
                   "--jump", "ACCEPT")
 
+    # workaround for ipv6 servers being blocked and not falling back to ipv4.
+    # See #5693
+    ip6tables("--append", "OUTPUT", "--jump", "REJECT",
+              "-s", "::/0",  "-d", "::/0",
+              "-p", "tcp",
+              "--reject-with", "icmp6-port-unreachable")
+    ip6tables("--append", "OUTPUT", "--jump", "REJECT",
+              "-s", "::/0",  "-d", "::/0",
+              "-p", "udp",
+              "--reject-with", "icmp6-port-unreachable")
+
 
 def firewall_stop():
     """
author	Tomás Touceda <chiiph@leap.se>	2014-05-21 10:45:35 -0300
committer	Tomás Touceda <chiiph@leap.se>	2014-05-21 10:45:35 -0300
commit	4404db408ef8175f1004dce37e622ee0f410ab98 (patch)
tree	6b780434aefe9aaf73dd1c0ae48182dc782c8fa0
parent	415b6e1f58e41ba0b66c24b6a1e93aca039a5e9f (diff)
parent	7360aa6241607825117b81b32cbd122bdce67beb (diff)