extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-30 03:23:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Drop multicast and anycast in Drop and Reject actions

Browse Source
This commit is contained in:
Tom Eastep 2010-07-12 16:44:34 -07:00
parent c1b212225e
commit b52b7c422f
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Actions.pm
View File

@ -776,7 +776,7 @@ sub dropBcast( $$$ ) {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 '; log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ';
} else { } else {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d ff00::/10 -j DROP '; log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d ff00::/8 -j DROP ';
} }
} }

5
Shorewall6/action.Drop
View File

@ -24,6 +24,11 @@
# #
Auth(REJECT) Auth(REJECT)
# #
# Drop Broadcasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types # ACCEPT critical ICMP types
# #
AllowICMPs - - ipv6-icmp AllowICMPs - - ipv6-icmp

5
Shorewall6/action.Reject
View File

@ -20,6 +20,11 @@
# #
Auth(REJECT) Auth(REJECT)
# #
# Drop Multicasts so they don't clutter up the log
# (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types # ACCEPT critical ICMP types
# #
AllowICMPs - - ipv6-icmp AllowICMPs - - ipv6-icmp