diff options
| author | Kali Kaneko <kali@leap.se> | 2014-05-21 08:29:51 -0500 |
|---|---|---|
| committer | Kali Kaneko <kali@leap.se> | 2014-05-21 10:25:26 -0500 |
| commit | 6263dc2799406ee0d7922f2ee40d0602668646db (patch) | |
| tree | 47d2a9f95bf6cd9cd8981fb97a5cbf8948072bb9 | |
| parent | 326fb44d2c494f21cd33b9b30a67f1f814be14bc (diff) | |
block ipv6 traffic
| -rwxr-xr-x | pkg/linux/bitmask-root | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 6badeedd..6d296ecf 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -765,6 +765,17 @@ def firewall_start(args): "--dport", "53", "--destination", allowed_dns, "--jump", "ACCEPT") + # workaround for ipv6 servers being blocked and not falling back to ipv4. + # See #5693 + ip6tables("--append", "OUTPUT", "--jump", "REJECT", + "-s", "::/0", "-d", "::/0", + "-p", "tcp", + "--reject-with", "icmp6-port-unreachable") + ip6tables("--append", "OUTPUT", "--jump", "REJECT", + "-s", "::/0", "-d", "::/0", + "-p", "udp", + "--reject-with", "icmp6-port-unreachable") + def firewall_stop(): """ |