extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-23 11:11:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Exit the IPv6 AllowICMPs chain if packet isn't ipv6-icmp

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-12-01 14:50:17 -08:00
parent 138e64c54a
commit 4fc572f664
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Actions/action.AllowICMPs
View File

@ -12,8 +12,8 @@ DEFAULTS ACCEPT
@1 - - icmp fragmentation-needed {comment="Needed ICMP types"} @1 - - icmp fragmentation-needed {comment="Needed ICMP types"}
@1 - - icmp time-exceeded {comment="Needed ICMP types"} @1 - - icmp time-exceeded {comment="Needed ICMP types"}
?else ?else
CONTINUE - - !ipv6-icmp
?COMMENT Needed ICMP types (RFC4890) ?COMMENT Needed ICMP types (RFC4890)
@1 - - ipv6-icmp destination-unreachable @1 - - ipv6-icmp destination-unreachable
@1 - - ipv6-icmp packet-too-big @1 - - ipv6-icmp packet-too-big
@1 - - ipv6-icmp time-exceeded @1 - - ipv6-icmp time-exceeded