firewall3: Make IPv6 ULA-Border generation dynamic

This fixes working behind another router which gives out ULAs.

SVN-Revision: 36416

1 files changed, 7 insertions, 19 deletions

diff --git a/package/network/config/firewall3/files/firewall.config b/package/network/config/firewall3/files/firewall.config
index 6acfe1e86a..fa09b6819e 100644
--- a/package/network/config/firewall3/files/firewall.config
+++ b/package/network/config/firewall3/files/firewall.config
@@ -95,29 +95,17 @@ config rule
 	option family		ipv6
 	option target		ACCEPT
 
-# Block ULA-traffic from leaking out
-config rule
-	option name		Enforce-ULA-Border-Src
-	option src		*
-	option dest		wan
-	option proto		all
-	option src_ip		fc00::/7
-	option family		ipv6
-	option target		REJECT
-
-config rule
-	option name		Enforce-ULA-Border-Dest
-	option src		*
-	option dest		wan
-	option proto		all
-	option dest_ip		fc00::/7
-	option family		ipv6
-	option target		REJECT
-
 # include a file with users custom iptables rules
 config include
 	option path /etc/firewall.user
 
+# include IPv6 ULA-border
+config include
+	option type script
+	option path /usr/share/firewall/ipv6-ula-border.sh
+	option family IPv6
+	option reload 1
+
 
 ### EXAMPLE CONFIG SECTIONS
 # do not allow a specific ip to access wan