mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-21 23:23:13 +01:00
AllowICMPs: certificate path solicitation source must be :: or fe80::/10
Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
parent
a8294ed495
commit
de23e641f7
@ -34,7 +34,8 @@ DEFAULTS ACCEPT
|
|||||||
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
||||||
|
|
||||||
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
||||||
@1 - - ipv6-icmp 148 # Certificate path solicitation
|
@1 :: - ipv6-icmp 148 # Certificate path solicitation
|
||||||
|
@1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation
|
||||||
@1 - - ipv6-icmp 149 # Certificate path advertisement
|
@1 - - ipv6-icmp 149 # Certificate path advertisement
|
||||||
|
|
||||||
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
|
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
|
||||||
|
Loading…
Reference in New Issue
Block a user