mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-21 23:23:13 +01:00
AllowICMPs: allowing redirects is a security issue and not required
Also redirect source must be fe80::/10 Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
parent
aae5baedfd
commit
0de5e88018
@ -23,7 +23,6 @@ DEFAULTS ACCEPT
|
|||||||
@1 - - ipv6-icmp router-advertisement
|
@1 - - ipv6-icmp router-advertisement
|
||||||
@1 - - ipv6-icmp neighbour-solicitation
|
@1 - - ipv6-icmp neighbour-solicitation
|
||||||
@1 - - ipv6-icmp neighbour-advertisement
|
@1 - - ipv6-icmp neighbour-advertisement
|
||||||
@1 - - ipv6-icmp 137 # Redirect
|
|
||||||
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
|
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
|
||||||
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
|
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user