extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-25 15:09:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reverse the order of Broadcast and ICMP checking in the default actions

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-04-11 10:47:11 -07:00
parent 9758e8cdc5
commit 76a5841fcd
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/action.Drop
View File

@ -51,14 +51,14 @@ COUNT
Auth(@2) Auth(@2)
?endif ?endif
# #
# Don't log broadcasts
#
Broadcast(DROP,@1)
#
# ACCEPT critical ICMP types # ACCEPT critical ICMP types
# #
AllowICMPs(@4) - - icmp AllowICMPs(@4) - - icmp
# #
# Don't log broadcasts
#
Broadcast(DROP,@1)
#
# Drop packets that are in the INVALID state -- these are usually ICMP packets # Drop packets that are in the INVALID state -- these are usually ICMP packets
# and just confuse people when they appear in the log. # and just confuse people when they appear in the log.
# #

8
Shorewall/action.Reject
View File

@ -50,15 +50,15 @@ COUNT
Auth(@2) Auth(@2)
?endif ?endif
# #
# ACCEPT critical ICMP types
#
AllowICMPs(@4) - - icmp
#
# Drop Broadcasts so they don't clutter up the log # Drop Broadcasts so they don't clutter up the log
# (broadcasts must *not* be rejected). # (broadcasts must *not* be rejected).
# #
Broadcast(DROP,@1) Broadcast(DROP,@1)
# #
# ACCEPT critical ICMP types
#
AllowICMPs(@4) - - icmp
#
# Drop packets that are in the INVALID state -- these are usually ICMP packets # Drop packets that are in the INVALID state -- these are usually ICMP packets
# and just confuse people when they appear in the log (these ICMPs cannot be # and just confuse people when they appear in the log (these ICMPs cannot be
# rejected). # rejected).