X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/f0033e0790c7f01b23f24504d3685cbaffc90f1f..dc0051506301c0bcaf56081e9404c92dfdb70c7a:/bookends.m4?ds=inline

diff --git a/bookends.m4 b/bookends.m4
index 6faa91b..a10608d 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -106,11 +106,17 @@ m4_divert(32)m4_dnl
 ## Set forwarding options.  Apparently setting ip_forward clobbers other
 ## settings, so put this first.
 case $host_type_<::>FWHOST in
-  router) forward=1 ;;
-  *) forward=0 ;;
+  router) forward=1 host=0 ;;
+  server) forward=0 host=0 ;;
+  client) forward=0 host=1 ;;
 esac
 setopt ip_forward $forward
 setdevopt forwarding $forward
+for i in \
+  accept_ra accept_ra_defrtr accept_ra_pinfo accept_ra_info_max_plen
+do
+  setdevopt $i $host
+done
 case $forward in
   0) inchains="INPUT" ;;
   1) inchains="INPUT FORWARD" ;;
@@ -211,10 +217,12 @@ case $forward in
 	    -m addrtype --dst-type BROADCAST
     run iptables -A FORWARD -g bad-destination-address \
 	    -d 224.0.0.0/24
+    clearchain check-fwd-multi
     for x in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do
-      run ip6tables -A FORWARD -g bad-destination-address \
-	    -d fe${x}2::/16
+      run ip6tables -A check-fwd-multi -g bad-destination-address \
+	    -d ff${x}2::/16
     done
+    ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
     ;;
 esac