extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-26 09:33:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Drop multicast and anycast in Drop and Reject actions

Browse Source
This commit is contained in:
Tom Eastep 2010-07-12 16:44:34 -07:00
parent c1b212225e
commit b52b7c422f
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Actions.pm
View File

@ -776,7 +776,7 @@ sub dropBcast( $$$ ) {
if ( $family == F_IPV4 ) {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ';
} else {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d ff00::/10 -j DROP ';
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d ff00::/8 -j DROP ';
}
}

5
Shorewall6/action.Drop
View File

@ -24,6 +24,11 @@
#
Auth(REJECT)
#
# Drop Broadcasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types
#
AllowICMPs - - ipv6-icmp

5
Shorewall6/action.Reject
View File

@ -20,6 +20,11 @@
#
Auth(REJECT)
#
# Drop Multicasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types
#
AllowICMPs - - ipv6-icmp