net/bcp38: Add cgnat shared space to bcp38 list
authorAndris PE <redacted>
Tue, 13 May 2025 17:46:15 +0000 (17:46 +0000)
committerToke Høiland-Jørgensen <redacted>
Wed, 14 May 2025 14:58:11 +0000 (16:58 +0200)
Add CG-NAT address space to non-routable list
Make dhcp filter stricter

Signed-off-by: Andris PE <redacted>
net/bcp38/Makefile
net/bcp38/files/bcp38.config
net/bcp38/files/run.sh

index 72c50d3cc6192003768404e5e6e677e708f3df42..099f202f17c2224beff9019fbbe73803b8fecfc6 100644 (file)
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bcp38
 PKG_VERSION:=5
-PKG_RELEASE:=11
+PKG_RELEASE:=12
 PKG_LICENSE:=GPL-3.0-or-later
 
 include $(INCLUDE_DIR)/package.mk
index 488daab68f8af1bfdfbce7073f43e92e9228ba52..78868c4ed1fc60bc118aaab718190927298c7c3c 100644 (file)
@@ -10,6 +10,7 @@ config bcp38
        list match '10.0.0.0/8'      # RFC 1918
        list match '172.16.0.0/12'   # RFC 1918
        list match '169.254.0.0/16'  # RFC 3927
+       list match '100.64.0.0/10'   # RFC 6598
 
 #      list nomatch '172.26.0.0/21' # Example of something not to match
 #      There is a dhcp trigger to do this for the netmask of a 
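Review bot: The added `list match '100.64.0.0/10'` line carries only `# RFC 6598`, which does not tell an operator that this is the carrier-grade NAT shared space and may be the range their own upstream lives in. The existing comment below mentions a DHCP trigger that exempts the upstream netmask, but ISP-side services outside that netmask, or an overlay network using the same range, would presumably still be matched. I would extend the comment to something like `# RFC 6598 CGNAT shared space; add a nomatch entry if your ISP or VPN uses it`. Since this changes the default filter on upgrade, it also deserves a line in the package's user-facing documentation, if there is one.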
index addabe9d83b76cf4249689c3f25d65c12c077908..4c4f185da2076ab89af149ad472669dc17db0d73 100755 (executable)
@@ -85,7 +85,7 @@ setup_chains()
        nft add chain "$FAMILY" "$TABLE" "$CHAIN" 2>/dev/null
        nft flush chain "$FAMILY" "$TABLE" "$CHAIN" 2>/dev/null
 
-       nft add rule "$FAMILY" "$TABLE" "$CHAIN" udp dport {67,68} udp sport {67,68} counter return comment \"always accept DHCP traffic\"
+       nft add rule "$FAMILY" "$TABLE" "$CHAIN" udp sport . udp dport { 68 . 67, 67 . 68 } counter return comment \"always accept DHCP traffic\"
        nft add rule "$FAMILY" "$TABLE" "$CHAIN" oifname $interface ip daddr @"$MATCHSET" ip daddr != @"$NOMATCHSET" counter reject with icmp type host-unreachable
        nft add rule "$FAMILY" "$TABLE" "$CHAIN" iifname $interface ip saddr @"$MATCHSET" ip saddr != @"$NOMATCHSET" counter drop
 
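Review bot: The DHCP exemption on the added `nft add rule` line is still not scoped to an interface. Any UDP packet carrying the 68→67 or 67→68 port pair returns before the `$MATCHSET` checks, whereas the two rules after it are limited with `oifname $interface` / `iifname $interface`. If this chain also sees forwarded traffic (the hook is not visible in the hunk), that port pair stays exempt from the filter for hosts behind the router, so either scope the rule like its neighbours or record the reason with a comment such as `# DHCP exemption is port-based only and not limited to $interface`. Separately, the rule's exit status is not checked, so if the installed nft rejects the concatenated `udp sport . udp dport` match the exemption is silently absent and the drop rule below would apply to DHCP replies from an upstream in a matched range. setup_chains starts and ends outside the hunk.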