## Take the various IP versions in turn.
unref=nil
for ip in ip ip6; do
+ if [ "$FW_NOACT" ]; then break; fi
+
for table in $(cat /proc/net/${ip}_tables_names); do
## Step 1: clear out the builtin chains.
## Set forwarding options. Apparently setting ip_forward clobbers other
## settings, so put this first.
case $host_type_<::>FWHOST in
- router) forward=1 ;;
- *) forward=0 ;;
+ router) forward=1 host=0 ;;
+ server) forward=0 host=0 ;;
+ client) forward=0 host=1 ;;
esac
setopt ip_forward $forward
setdevopt forwarding $forward
+for i in \
+ accept_ra accept_ra_defrtr accept_ra_pinfo accept_ra_info_max_plen
+do
+ setdevopt $i $host
+done
case $forward in
0) inchains="INPUT" ;;
1) inchains="INPUT FORWARD" ;;
run ip6tables -A check-fwd-multi -g bad-destination-address \
-d ff${x}2::/16
done
- ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
+ run ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
;;
esac