Change AllowICMPs to an inline action

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/actions.std

Shorewall/Samples/Universal/shorewall.conf

@@ -110,8 +110,8 @@ TC=
 ###############################################################################
 
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

Shorewall/Samples/one-interface/shorewall.conf

@@ -121,8 +121,8 @@ TC=
 ###############################################################################
 
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

Shorewall/Samples/three-interfaces/shorewall.conf

@@ -118,8 +118,8 @@ TC=
 ###############################################################################
 
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

Shorewall/Samples/two-interfaces/shorewall.conf

@@ -121,8 +121,8 @@ TC=
 ###############################################################################
 
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

Shorewall/actions.std

@@ -12,9 +12,9 @@ A_Drop				# Audited Default Action for DROP policy
 A_REJECT     noinline,logjump	# Audits then rejects a connection request
 A_REJECT!    inline		# Audits then rejects a connection request
 A_Reject			# Audited Default action for REJECT policy
+AllowICMPs   inline             # Allow Required ICMP packets
 allowBcast   inline		# Silently Allow Broadcast
 allowinUPnP  inline		# Allow UPnP inbound (to firewall) traffic
-AllowICMPs   inline             # Allow Required ICMP packets
 allowInvalid inline		# Accepts packets in the INVALID conntrack state
 allowMcast   inline		# Silently Allow Multicast
 AutoBL	     noinline		# Auto-blacklist IPs that exceed thesholds

Shorewall/configfiles/shorewall.conf

@@ -110,8 +110,8 @@ TC=
 ###############################################################################
 
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"