| author | Linus Färnstrand <linus@mullvad.net> | 2019-12-11 10:52:03 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2020-01-07 21:50:38 +0100 |
| commit | 4a1587cbac2d803fa46d98b9b455211683f81664 (patch) | |
| tree | fd16c897dd176ee2741d9431b79717b06447038f /docs | |
| parent | 3a7f468b604a25d4da2c88a45b01f4b4b370026b (diff) | |
Describe rules for IPv6 NDP better
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/security.md | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/security.md b/docs/security.md index abdcc4fc12..923d106b4e 100644 --- a/docs/security.md +++ b/docs/security.md @@ -59,8 +59,9 @@ The following network traffic is allowed or blocked independent of state: * Incoming UDP from `[fe80::]/10:547` to `[fe80::]/10:546` (server to client) 1. Router solicitation, advertisement and redirects (subset of NDP) is always allowed: - * Outgoing to `ff02::2`, but only ICMPv6 with type 133 and code 0. - * Incoming from `[fe80::]/10`, but only ICMPv6 type 134 or 137 and code 0. + * Outgoing to `ff02::2`, but only ICMPv6 with type 133 and code 0 (Router solicitation) + * Incoming from `[fe80::]/10`, but only ICMPv6 type 134 and code 0 (Router advertisement) + * Incoming from `[fe80::]/10`, but only ICMPv6 type 137 and code 0 (Redirect) 1. If the "Allow LAN" setting is enabled, the following is also allowed: * Outgoing to, and incoming from, any IP in an unroutable network, that means: |
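Review bot: The unchanged item heading above the three added bullets still says "(subset of NDP)" without saying which NDP messages fall outside the rule. Now that each bullet names its message type, suggest adding a line that states how neighbor solicitation and advertisement (ICMPv6 types 135 and 136) are handled, or pointing to the rule that covers them, so a reader auditing the firewall policy does not have to infer it. While touching this item, "is always allowed" in that heading should be "are always allowed", and the added names could follow the RFC 4861 capitalisation ("Router Solicitation", "Router Advertisement") so they match what people search for.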
