diff --git a/Shorewall/Actions/action.AllowICMPs b/Shorewall/Actions/action.AllowICMPs
new file mode 100644
index 000000000..d3a96aed7
--- /dev/null
+++ b/Shorewall/Actions/action.AllowICMPs
@@ -0,0 +1,11 @@
+#
+# Shorewall -- /usr/share/shorewall/action.AllowICMPs
+#
+# This action ACCEPTs needed ICMP types.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+DEFAULTS ACCEPT
+@1 - - icmp fragmentation-needed
+@2 - - icmp time-exceeded
diff --git a/Shorewall/Macros/macro.AllowICMPs b/Shorewall/Macros/macro.AllowICMPs
deleted file mode 100644
index 4b56bf3dc..000000000
--- a/Shorewall/Macros/macro.AllowICMPs
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
-#
-# This macro ACCEPTs needed ICMP types.
-#
-###############################################################################
-#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
-
-?COMMENT Needed ICMP types
-
-DEFAULT ACCEPT
-PARAM - - icmp fragmentation-needed
-PARAM - - icmp time-exceeded
diff --git a/Shorewall/actions.std b/Shorewall/actions.std
index c7bb3808e..de09e423e 100644
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@@ -14,6 +14,7 @@ A_REJECT! inline # Audits then rejects a connection request
 A_Reject # Audited Default action for REJECT policy
 allowBcast inline # Silently Allow Broadcast
 allowinUPnP inline # Allow UPnP inbound (to firewall) traffic
+AllowICMPs inline # Allow Required ICMP packets
 allowInvalid inline # Accepts packets in the INVALID conntrack state
 allowMcast inline # Silently Allow Multicast
 AutoBL noinline # Auto-blacklist IPs that exceed thesholds
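Review bot: In the new action.AllowICMPs the time-exceeded rule takes its action from `@2`, but `DEFAULTS ACCEPT` supplies a default for the first parameter only, and the deleted macro used `PARAM` on both rules. Unless every caller passes a second argument, that rule appears to have no action to expand to, so time-exceeded may not be accepted the way it was under the macro; the line probably should read `@1 - - icmp time-exceeded`. The macro's `?COMMENT Needed ICMP types` line is also not carried over, so the generated rules lose the comment that identifies them in a ruleset listing; if that is intentional, the commit message should say so.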