run iptables -A fwd-spec-nofrag -j RETURN --fragment
run ip6tables -A fwd-spec-nofrag -j RETURN \
-m ipv6header --soft --header frag
- run iptables -A FORWARD -j fwd-spec-nofrag
+ run ip46tables -A FORWARD -j fwd-spec-nofrag
## Allow ping from safe/noloop to untrusted networks.
run iptables -A fwd-spec-nofrag -j ACCEPT \
-m mark --mark $from_untrusted/$MASK_FROM \
-m state --state ESTABLISHED
run ip6tables -A fwd-spec-nofrag -j ACCEPT \
- -p ipv6-icmp --icmpv6-type echo-request \
+ -p icmpv6 --icmpv6-type echo-request \
-m mark --mark $to_untrusted/$MASK_TO
run ip6tables -A fwd-spec-nofrag -j ACCEPT \
- -p ipv6-icmp --icmpv6-type echo-reply \
+ -p icmpv6 --icmpv6-type echo-reply \
-m mark --mark $from_untrusted/$MASK_FROM \
-m state --state ESTABLISHED