Reverse the order of ICMP and Broadcast checking in the default actions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 11:16:46 -07:00 · 2016-04-11 11:16:46 -07:00 · 16afd880b2
commit 16afd880b2
parent 76a5841fcd
2 changed files with 6 additions and 0 deletions
--- a/Shorewall/action.Drop
+++ b/Shorewall/action.Drop
@ -53,6 +53,9 @@ Auth(@2)
 #
 # ACCEPT critical ICMP types
 #
+# For IPv6 connectivity ipv6-icmp broadcasting is required so
+# AllowICMPs must be before silent broadcast Drop.
+#
 AllowICMPs(@4)	-	-	icmp
 #
 # Don't log broadcasts
--- a/Shorewall/action.Reject
+++ b/Shorewall/action.Reject
@ -52,6 +52,9 @@ Auth(@2)
 #
 # ACCEPT critical ICMP types
 #
+# For IPv6 connectivity ipv6-icmp broadcasting is required so
+# AllowICMPs must be before silent broadcast Drop.
+#
 AllowICMPs(@4)	-	-	icmp
 #
 # Drop Broadcasts so they don't clutter up the log