2 files changed, 17 insertions, 1 deletions

diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index b47823fe2..5a5dfd018 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -44,6 +44,22 @@ config rule
 	option target		ACCEPT
 
 # Allow essential incoming IPv6 ICMP traffic
+config rule
+	option src		wan
+	option proto	icmp
+	list icmp_type		echo-request
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	list icmp_type		router-solicitation
+	list icmp_type		neighbour-solicitation
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
 config rule                                   
 	option src		wan
 	option dest		*
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 15e350082..1feb21075 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -102,7 +102,7 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
 				local p
 				for p in ${proto:-tcp udp}; do
 					case "$p" in
-						tcp|udp)
+						tcp|udp|6|17)
 							iptables -t nat -A nat_reflection_in \
 								-s $lanip/$lanmk -d $exthost \
 								-p $p $extport \