extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-21 02:08:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reverse the order of ICMP and Broadcast checking in the default actions

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-04-11 11:16:46 -07:00
parent 76a5841fcd
commit 16afd880b2
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/action.Drop
View File

@ -53,6 +53,9 @@ Auth(@2)
# #
# ACCEPT critical ICMP types # ACCEPT critical ICMP types
# #
# For IPv6 connectivity ipv6-icmp broadcasting is required so
# AllowICMPs must be before silent broadcast Drop.
#
AllowICMPs(@4) - - icmp AllowICMPs(@4) - - icmp
# #
# Don't log broadcasts # Don't log broadcasts

3
Shorewall/action.Reject
View File

@ -52,6 +52,9 @@ Auth(@2)
# #
# ACCEPT critical ICMP types # ACCEPT critical ICMP types
# #
# For IPv6 connectivity ipv6-icmp broadcasting is required so
# AllowICMPs must be before silent broadcast Drop.
#
AllowICMPs(@4) - - icmp AllowICMPs(@4) - - icmp
# #
# Drop Broadcasts so they don't clutter up the log # Drop Broadcasts so they don't clutter up the log