extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-21 15:13:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

AllowICMPs: router-advertisment source must be fe80::/10

Browse Source 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
Tuomo Soini 2024-03-19 11:04:36 +02:00
parent 0de5e88018
commit 393cd5043d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Actions/action.AllowICMPs
View File

@ -20,16 +20,16 @@ DEFAULTS ACCEPT
# The following should have a ttl of 255 and must be allowed to transit a bridge
@1 - - ipv6-icmp router-solicitation
@1 - - ipv6-icmp router-advertisement
@1 - - ipv6-icmp neighbour-solicitation
@1 - - ipv6-icmp neighbour-advertisement
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
# The following should have a link local source address and must be allowed to transit a bridge
# The following must have a link local source address and must be allowed to transit a bridge
@1 fe80::/10 - ipv6-icmp 130 # Listener query
@1 fe80::/10 - ipv6-icmp 131 # Listener report
@1 fe80::/10 - ipv6-icmp 132 # Listener done
@1 fe80::/10 - ipv6-icmp router-advertisement
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
# The following should be received with a ttl of 255 and must be allowed to transit a bridge