holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Browse Source
This commit is contained in:
Tom Eastep 2016-04-12 07:13:29 -07:00
commit 04ec8273ef
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall/action.A_Drop
View File

@ -23,14 +23,17 @@ COUNT
# #
Auth(A_DROP) Auth(A_DROP)
# #
# ACCEPT critical ICMP types
#
# For IPv6 connectivity ipv6-icmp broadcasting is required so
# AllowICMPs must be before broadcast Drop.
#
A_AllowICMPs - - icmp
#
# Don't log broadcasts # Don't log broadcasts
# #
dropBcast(audit) dropBcast(audit)
# #
# ACCEPT critical ICMP types
#
A_AllowICMPs - - icmp
#
# Drop packets that are in the INVALID state -- these are usually ICMP packets # Drop packets that are in the INVALID state -- these are usually ICMP packets
# and just confuse people when they appear in the log. # and just confuse people when they appear in the log.
# #

11
Shorewall/action.A_Reject
View File

@ -18,15 +18,18 @@
# #
COUNT COUNT
# #
# ACCEPT critical ICMP types
#
# For IPv6 connectivity ipv6-icmp broadcasting is required so
# AllowICMPs must be before broadcast Drop.
#
A_AllowICMPs - - icmp
#
# Drop Broadcasts so they don't clutter up the log # Drop Broadcasts so they don't clutter up the log
# (broadcasts must *not* be rejected). # (broadcasts must *not* be rejected).
# #
dropBcast(audit) dropBcast(audit)
# #
# ACCEPT critical ICMP types
#
A_AllowICMPs - - icmp
#
# Drop packets that are in the INVALID state -- these are usually ICMP packets # Drop packets that are in the INVALID state -- these are usually ICMP packets
# and just confuse people when they appear in the log (these ICMPs cannot be # and just confuse people when they appear in the log (these ICMPs cannot be
# rejected). # rejected).