Merge branch 'master' of ssh://gitlab.com/shorewall/code

Merge from Master
This commit is contained in:
Tom Eastep 2024-04-15 14:42:14 -07:00
commit 17d77ddc84

View File

@ -20,22 +20,23 @@ DEFAULTS ACCEPT
# The following should have a ttl of 255 and must be allowed to transit a bridge # The following should have a ttl of 255 and must be allowed to transit a bridge
@1 - - ipv6-icmp router-solicitation @1 - - ipv6-icmp router-solicitation
@1 - - ipv6-icmp router-advertisement
@1 - - ipv6-icmp neighbour-solicitation @1 - - ipv6-icmp neighbour-solicitation
@1 - - ipv6-icmp neighbour-advertisement @1 - - ipv6-icmp neighbour-advertisement
@1 - - ipv6-icmp 137 # Redirect
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation @1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement @1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
# The following should have a link local source address and must be allowed to transit a bridge # The following must have a link local source address and must be allowed to transit a bridge
@1 fe80::/10 - ipv6-icmp 130 # Listener query @1 fe80::/10 - ipv6-icmp 130 # Listener query
@1 fe80::/10 - ipv6-icmp 131 # Listener report @1 fe80::/10 - ipv6-icmp 131 # Listener report
@1 fe80::/10 - ipv6-icmp 132 # Listener done @1 fe80::/10 - ipv6-icmp 132 # Listener done
@1 fe80::/10 - ipv6-icmp router-advertisement
@1 :: - ipv6-icmp 143 # Listener report v2
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2 @1 fe80::/10 - ipv6-icmp 143 # Listener report v2
# The following should be received with a ttl of 255 and must be allowed to transit a bridge # The following should be received with a ttl of 255 and must be allowed to transit a bridge
@1 - - ipv6-icmp 148 # Certificate path solicitation @1 :: - ipv6-icmp 148 # Certificate path solicitation
@1 - - ipv6-icmp 149 # Certificate path advertisement @1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation
@1 fe80::/10 - ipv6-icmp 149 # Certificate path advertisement
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge # The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
@1 fe80::/10 - ipv6-icmp 151 # Multicast router advertisement @1 fe80::/10 - ipv6-icmp 151 # Multicast router advertisement