mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 22:30:58 +01:00
Reverse order of ICMPv6 and Multicast/anycast filtering
This commit is contained in:
parent
d447482dd6
commit
a29921c9d2
@ -3,7 +3,7 @@
|
||||
#
|
||||
# /usr/share/shorewall/action.Drop
|
||||
#
|
||||
# The default DROP common rules
|
||||
# The default DROP common rules1
|
||||
#
|
||||
# This action is invoked before a DROP policy is enforced. The purpose
|
||||
# of the action is:
|
||||
|
@ -24,15 +24,15 @@
|
||||
#
|
||||
Auth(REJECT)
|
||||
#
|
||||
# ACCEPT critical ICMP types
|
||||
#
|
||||
AllowICMPs - - ipv6-icmp
|
||||
#
|
||||
# Drop Broadcasts so they don't clutter up the log
|
||||
# (broadcasts must *not* be rejected).
|
||||
#
|
||||
dropBcast
|
||||
#
|
||||
# ACCEPT critical ICMP types
|
||||
#
|
||||
AllowICMPs - - ipv6-icmp
|
||||
#
|
||||
# Drop packets that are in the INVALID state -- these are usually ICMP packets
|
||||
# and just confuse people when they appear in the log.
|
||||
#
|
||||
|
@ -23,12 +23,13 @@ Auth(REJECT)
|
||||
# Drop Multicasts so they don't clutter up the log
|
||||
# (broadcasts must *not* be rejected).
|
||||
#
|
||||
dropBcast
|
||||
#
|
||||
# ACCEPT critical ICMP types
|
||||
#
|
||||
AllowICMPs - - ipv6-icmp
|
||||
#
|
||||
# Drop Broadcasts so they don't clutter up the log
|
||||
# (broadcasts must *not* be rejected).
|
||||
#
|
||||
dropBcast
|
||||
#
|
||||
# Drop packets that are in the INVALID state -- these are usually ICMP packets
|
||||
# and just confuse people when they appear in the log (these ICMPs cannot be
|
||||
# rejected).
|
||||
|
Loading…
Reference in New Issue
Block a user