block ipv6 traffic

author: Kali Kaneko <kali@leap.se> 2014-05-21 08:29:51 -0500
committer: Kali Kaneko <kali@leap.se> 2014-05-21 10:25:26 -0500
commit: 6263dc2799406ee0d7922f2ee40d0602668646db (patch)
tree: 47d2a9f95bf6cd9cd8981fb97a5cbf8948072bb9 /pkg/linux/bitmask-root
parent: 326fb44d2c494f21cd33b9b30a67f1f814be14bc (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 6badeedd..6d296ecf 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -765,6 +765,17 @@ def firewall_start(args):
                   "--dport", "53", "--destination", allowed_dns,
                   "--jump", "ACCEPT")
 
+    # workaround for ipv6 servers being blocked and not falling back to ipv4.
+    # See #5693
+    ip6tables("--append", "OUTPUT", "--jump", "REJECT",
+              "-s", "::/0",  "-d", "::/0",
+              "-p", "tcp",
+              "--reject-with", "icmp6-port-unreachable")
+    ip6tables("--append", "OUTPUT", "--jump", "REJECT",
+              "-s", "::/0",  "-d", "::/0",
+              "-p", "udp",
+              "--reject-with", "icmp6-port-unreachable")
+
 
 def firewall_stop():
     """
author	Kali Kaneko <kali@leap.se>	2014-05-21 08:29:51 -0500
committer	Kali Kaneko <kali@leap.se>	2014-05-21 10:25:26 -0500
commit	6263dc2799406ee0d7922f2ee40d0602668646db (patch)
tree	47d2a9f95bf6cd9cd8981fb97a5cbf8948072bb9 /pkg/linux/bitmask-root
parent	326fb44d2c494f21cd33b9b30a67f1f814be14bc (diff)