mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Change macro.ICMPs to an inline action
Signed-off-by: Tom Eastep <teastep@shorewall.net> Conflicts: Shorewall/actions.std
This commit is contained in:
parent
4f869c3506
commit
6019adaae5
11
Shorewall/Actions/action.AllowICMPs
Normal file
11
Shorewall/Actions/action.AllowICMPs
Normal file
@ -0,0 +1,11 @@
|
||||
#
|
||||
# Shorewall -- /usr/share/shorewall/action.AllowICMPs
|
||||
#
|
||||
# This action ACCEPTs needed ICMP types.
|
||||
#
|
||||
###############################################################################
|
||||
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
|
||||
|
||||
DEFAULTS ACCEPT
|
||||
@1 - - icmp fragmentation-needed
|
||||
@2 - - icmp time-exceeded
|
@ -1,13 +0,0 @@
|
||||
#
|
||||
# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
|
||||
#
|
||||
# This macro ACCEPTs needed ICMP types.
|
||||
#
|
||||
###############################################################################
|
||||
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
|
||||
|
||||
?COMMENT Needed ICMP types
|
||||
|
||||
DEFAULT ACCEPT
|
||||
PARAM - - icmp fragmentation-needed
|
||||
PARAM - - icmp time-exceeded
|
@ -14,6 +14,7 @@ A_REJECT! inline # Audits then rejects a connection request
|
||||
A_Reject # Audited Default action for REJECT policy
|
||||
allowBcast inline # Silently Allow Broadcast
|
||||
allowinUPnP inline # Allow UPnP inbound (to firewall) traffic
|
||||
AllowICMPs inline # Allow Required ICMP packets
|
||||
allowInvalid inline # Accepts packets in the INVALID conntrack state
|
||||
allowMcast inline # Silently Allow Multicast
|
||||
AutoBL noinline # Auto-blacklist IPs that exceed thesholds
|
||||
|
Loading…
Reference in New Issue
Block a user