diff options
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 3 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/rules/baseline/permitlan.cpp | 2 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp | 2 |
3 files changed, 6 insertions, 1 deletions
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs index 9c81dd63df..9a02321031 100644 --- a/talpid-core/src/firewall/mod.rs +++ b/talpid-core/src/firewall/mod.rs @@ -31,12 +31,13 @@ pub use self::imp::Error; #[cfg(unix)] lazy_static! { /// When "allow local network" is enabled the app will allow traffic to and from these networks. - pub(crate) static ref ALLOWED_LAN_NETS: [IpNetwork; 5] = [ + pub(crate) static ref ALLOWED_LAN_NETS: [IpNetwork; 6] = [ IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(10, 0, 0, 0), 8).unwrap()), IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(172, 16, 0, 0), 12).unwrap()), IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(192, 168, 0, 0), 16).unwrap()), IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(169, 254, 0, 0), 16).unwrap()), IpNetwork::V6(Ipv6Network::new(Ipv6Addr::new(0xfe80, 0, 0, 0, 0, 0, 0, 0), 10).unwrap()), + IpNetwork::V6(Ipv6Network::new(Ipv6Addr::new(0xfd00, 0, 0, 0, 0, 0, 0, 0), 8).unwrap()), ]; /// When "allow local network" is enabled the app will allow traffic to these networks. pub(crate) static ref ALLOWED_LAN_MULTICAST_NETS: [IpNetwork; 5] = [ diff --git a/windows/winfw/src/winfw/rules/baseline/permitlan.cpp b/windows/winfw/src/winfw/rules/baseline/permitlan.cpp index b9a24cf038..f0038f2421 100644 --- a/windows/winfw/src/winfw/rules/baseline/permitlan.cpp +++ b/windows/winfw/src/winfw/rules/baseline/permitlan.cpp @@ -90,8 +90,10 @@ bool PermitLan::applyIpv6(IObjectInstaller &objectInstaller) const wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6); const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6({ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 10); + const wfp::IpNetwork uniqueLocal(wfp::IpAddress::Literal6({ 0xFD00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 8); conditionBuilder.add_condition(ConditionIp::Remote(linkLocal)); + conditionBuilder.add_condition(ConditionIp::Remote(uniqueLocal)); if (!objectInstaller.addFilter(filterBuilder, conditionBuilder)) { diff --git a/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp b/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp index 7534e08462..041afd5492 100644 --- a/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp +++ b/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp @@ -66,8 +66,10 @@ bool PermitLanService::applyIpv6(IObjectInstaller &objectInstaller) const wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6); const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6{ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }, 10); + const wfp::IpNetwork uniqueLocal(wfp::IpAddress::Literal6({ 0xFD00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 8); conditionBuilder.add_condition(ConditionIp::Remote(linkLocal)); + conditionBuilder.add_condition(ConditionIp::Remote(uniqueLocal)); return objectInstaller.addFilter(filterBuilder, conditionBuilder); } |