Hi Steven,

On Sun, May 03, 2015 at 04:43:24PM +0200, Steven Barth wrote:
> Hello Linus,
>
> thanks for the patch. I have two questions here.
>
> #1 Why should this be done for v6 but not for v4?

Whoops, sorry, had the IGMP part for v4 in my test setup but forgot to add it to the patch. Going to do that.

> #2 If the intention is to respond to MLD queries why should the
> firewall allow reception of report messages?

Yes, responding to queries is the primary concern.

Technically, it doesn't make much of a difference to allow reception of report messages. The default in OpenWRT is to have the querier on the bridge, so reports shouldn't arrive on the input chain of br-wan anyways as the bridge won't forward them (see RFC4541, "Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches").

On the other hand, there's RFC4890, "Recommendations for Filtering ICMPv6 Messages in Firewalls", which says in section 4.3.3 that firewalls mustn't drop either queries or reports. MLD/IGMP traffic shouldn't do any harm as it's always link-scoped.

Cheers, Linus
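For readers following the thread, here is a sketch of what input rules covering both points could look like in `/etc/config/firewall`. This is an added example, not part of the original message and not the patch under discussion. The zone name `wan`, the rule names, and the link-local source restriction are assumptions.

```uci
# Added example (not the patch from this thread).
# Assumes the upstream zone is named 'wan'.

# IPv6: accept MLD queries and reports on the zone's input chain.
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv6'
	# Assumption: only accept link-local senders, since MLD is link-scoped.
	option src_ip 'fe80::/10'
	# 130 = Multicast Listener Query
	list icmp_type '130/0'
	# 131 = MLDv1 Multicast Listener Report
	list icmp_type '131/0'
	# 132 = MLDv1 Multicast Listener Done
	list icmp_type '132/0'
	# 143 = MLDv2 Multicast Listener Report
	list icmp_type '143/0'
	option target 'ACCEPT'

# IPv4 counterpart raised in question #1: accept IGMP on the same zone.
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'
```

Because no `dest` is set, both rules apply to traffic addressed to the router itself (the input chain), which is where queries must be accepted for the router to respond.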