Reverse order of ICMPv6 and Multicast/anycast filtering

Shorewall/action.Drop

@@ -3,7 +3,7 @@
 #
 # /usr/share/shorewall/action.Drop
 #
-#	The default DROP common rules
+#	The default DROP common rules1
 #
 #	This action is invoked before a DROP policy is enforced. The purpose
 #	of the action is:

Shorewall6/action.Drop

@@ -24,15 +24,15 @@
 #
 Auth(REJECT)
 #
+# ACCEPT critical ICMP types
+#
+AllowICMPs	-	-	ipv6-icmp
+#
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 dropBcast
 #
-# ACCEPT critical ICMP types
-#
-AllowICMPs	-	-	ipv6-icmp
-#
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #

Shorewall6/action.Reject

@@ -23,12 +23,13 @@ Auth(REJECT)
 # Drop Multicasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
-dropBcast
-#
-# ACCEPT critical ICMP types
-#
 AllowICMPs	-	-	ipv6-icmp
 #
+# Drop Broadcasts so they don't clutter up the log
+# (broadcasts must *not* be rejected).
+#
+dropBcast
+#
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).