Change macro.ICMPs to an inline action

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/actions.std
This commit is contained in:
Tom Eastep 2017-03-07 11:30:38 -08:00
parent 4f869c3506
commit 6019adaae5
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 12 additions and 13 deletions

View File

@ -0,0 +1,11 @@
#
# Shorewall -- /usr/share/shorewall/action.AllowICMPs
#
# This action ACCEPTs needed ICMP types.
#
###############################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
DEFAULTS ACCEPT
@1 - - icmp fragmentation-needed
@2 - - icmp time-exceeded

View File

@ -1,13 +0,0 @@
#
# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
#
# This macro ACCEPTs needed ICMP types.
#
###############################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
?COMMENT Needed ICMP types
DEFAULT ACCEPT
PARAM - - icmp fragmentation-needed
PARAM - - icmp time-exceeded

View File

@ -14,6 +14,7 @@ A_REJECT! inline # Audits then rejects a connection request
A_Reject # Audited Default action for REJECT policy
allowBcast inline # Silently Allow Broadcast
allowinUPnP inline # Allow UPnP inbound (to firewall) traffic
AllowICMPs inline # Allow Required ICMP packets
allowInvalid inline # Accepts packets in the INVALID conntrack state
allowMcast inline # Silently Allow Multicast
AutoBL noinline # Auto-blacklist IPs that exceed thesholds