Reverse order of ICMPv6 and Multicast/anycast filtering

This commit is contained in:
Tom Eastep 2010-07-13 13:03:55 -07:00
parent d447482dd6
commit a29921c9d2
3 changed files with 10 additions and 9 deletions

View File

@ -3,7 +3,7 @@
#
# /usr/share/shorewall/action.Drop
#
# The default DROP common rules
# The default DROP common rules1
#
# This action is invoked before a DROP policy is enforced. The purpose
# of the action is:

View File

@ -24,15 +24,15 @@
#
Auth(REJECT)
#
# ACCEPT critical ICMP types
#
AllowICMPs - - ipv6-icmp
#
# Drop Broadcasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types
#
AllowICMPs - - ipv6-icmp
#
# Drop packets that are in the INVALID state -- these are usually ICMP packets
# and just confuse people when they appear in the log.
#

View File

@ -23,12 +23,13 @@ Auth(REJECT)
# Drop Multicasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types
#
AllowICMPs - - ipv6-icmp
#
# Drop Broadcasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# Drop packets that are in the INVALID state -- these are usually ICMP packets
# and just confuse people when they appear in the log (these ICMPs cannot be
# rejected).