From c534c458ddfc9c1af3a74c5acb2ae35ec0da3c0c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 10 Mar 2017 08:53:54 -0800 Subject: [PATCH] Revert "Remove Multicast from IPv6 Policy Actions" This reverts commit 85d571d01311851dbe69bb422e5757a18a329e85. --- Shorewall6/Samples6/Universal/shorewall6.conf | 6 +++--- Shorewall6/Samples6/one-interface/shorewall6.conf | 6 +++--- Shorewall6/Samples6/three-interfaces/shorewall6.conf | 6 +++--- Shorewall6/Samples6/two-interfaces/shorewall6.conf | 6 +++--- Shorewall6/configfiles/shorewall6.conf | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index e0b52c44a..c139d2b76 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -107,11 +107,11 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="AllowICMPs,Broadcast(DROP)" +BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT="AllowICMPs,Broadcast(DROP)" +REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index 59ed529d8..d5b389f1e 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -108,11 +108,11 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="AllowICMPs,Broadcast(DROP)" +BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT="AllowICMPs,Broadcast(DROP)" +REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index cf97563ed..ab1a82690 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -107,11 +107,11 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="AllowICMPs,Broadcast(DROP)" +BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT="AllowICMPs,Broadcast(DROP)" +REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index 8034579bb..f8841b2ac 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -107,11 +107,11 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="AllowICMPs,Broadcast(DROP)" +BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT="AllowICMPs,Broadcast(DROP)" +REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 30d9f6d0a..bd46e6603 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -66,7 +66,7 @@ SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall6-init.log -TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" +TCP_FLAGS_LOG_LEVEL=:$LOG_LEVEL" UNTRACKED_LOG_LEVEL= @@ -107,8 +107,8 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="AllowICMPs,Broadcast(DROP)" +BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"