mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-25 09:03:30 +01:00
AllowICMPs: router-advertisment source must be fe80::/10
Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
parent
0de5e88018
commit
393cd5043d
@ -20,16 +20,16 @@ DEFAULTS ACCEPT
|
|||||||
|
|
||||||
# The following should have a ttl of 255 and must be allowed to transit a bridge
|
# The following should have a ttl of 255 and must be allowed to transit a bridge
|
||||||
@1 - - ipv6-icmp router-solicitation
|
@1 - - ipv6-icmp router-solicitation
|
||||||
@1 - - ipv6-icmp router-advertisement
|
|
||||||
@1 - - ipv6-icmp neighbour-solicitation
|
@1 - - ipv6-icmp neighbour-solicitation
|
||||||
@1 - - ipv6-icmp neighbour-advertisement
|
@1 - - ipv6-icmp neighbour-advertisement
|
||||||
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
|
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
|
||||||
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
|
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
|
||||||
|
|
||||||
# The following should have a link local source address and must be allowed to transit a bridge
|
# The following must have a link local source address and must be allowed to transit a bridge
|
||||||
@1 fe80::/10 - ipv6-icmp 130 # Listener query
|
@1 fe80::/10 - ipv6-icmp 130 # Listener query
|
||||||
@1 fe80::/10 - ipv6-icmp 131 # Listener report
|
@1 fe80::/10 - ipv6-icmp 131 # Listener report
|
||||||
@1 fe80::/10 - ipv6-icmp 132 # Listener done
|
@1 fe80::/10 - ipv6-icmp 132 # Listener done
|
||||||
|
@1 fe80::/10 - ipv6-icmp router-advertisement
|
||||||
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
||||||
|
|
||||||
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
||||||
|
Loading…
Reference in New Issue
Block a user