X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/d052f3435f85d5b61ace87e158f77b7f37080395..994ac8d0782c89a636f47b02a2dc096c72ff58c5:/functions.m4

diff --git a/functions.m4 b/functions.m4
index c0b90ed..765a94d 100644
--- a/functions.m4
+++ b/functions.m4
@@ -239,7 +239,8 @@ m4_divert(38)m4_dnl
 run ip6tables -N accept-non-init-frag
 run ip6tables -A accept-non-init-frag -j RETURN \
 	-m frag --fragfirst
-run ip6tables -A accept-non-init-frag -j ACCEPT
+run ip6tables -A accept-non-init-frag -j ACCEPT \
+	-m ipv6header --header frag
 
 m4_divert(20)m4_dnl
 ## allowservices CHAIN PROTO SERVICE ...
@@ -300,8 +301,11 @@ ntpclient () {
   ntpchain=$1; shift
 
   clearchain ntp-servers
-  for ntp; do run iptables -A ntp-servers -j ACCEPT -s $ntp; done
-  run iptables -A $ntpchain -j ntp-servers \
+  for ntp; do
+    case $ntp in *:*) ipt=ip6tables ;; *) ipt=iptables ;; esac
+    run $ipt -A ntp-servers -j ACCEPT -s $ntp;
+  done
+  run ip46tables -A $ntpchain -j ntp-servers \
 	  -p udp --source-port 123 --destination-port 123
 }