diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf
index f8108629a..06b2e5f08 100644
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -110,8 +110,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf
index ae5e76ccc..c6fde4df1 100644
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -121,8 +121,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf
index 1bf693b82..a9c229fb9 100644
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
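Review bot: `REJECT_DEFAULT` stays at `"Broadcast(DROP),Multicast(DROP)"` while `DROP_DEFAULT` and `BLACKLIST_DEFAULT` gain `AllowICMPs`, so a zone pair under a REJECT policy would treat the required ICMP types differently from one under DROP; if that is not deliberate, the line should read `REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"`. In `BLACKLIST_DEFAULT` the new action carries no log level and sits ahead of `dropNotSyn`, `dropInvalid` and `DropDNSrep`, so ICMP it accepts from a source that reached the blacklist policy is presumably passed without a log entry. A comment above the two settings, such as `# AllowICMPs: required ICMP is accepted even from sources that reach the BLACKLIST/DROP policy`, would make that exception visible to operators auditing blacklist traffic. The same points apply to the one-interface, three-interfaces, two-interfaces and configfiles copies of shorewall.conf in this commit.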
@@ -118,8 +118,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf
index 78bab66f8..3dc1023a4 100644
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -121,8 +121,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
diff --git a/Shorewall/actions.std b/Shorewall/actions.std
index 020e9f021..3297a61c9 100644
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@@ -25,7 +25,7 @@ A_Drop # Audited Default Action for DROP policy
 A_REJECT noinline,logjump # Audits then rejects a connection request
 A_REJECT! inline # Audits then rejects a connection request
 A_Reject # Audited Default action for REJECT policy
-allowICMPs inline # Allow Required ICMP packets
+AllowICMPs inline # Allow Required ICMP packets
 allowInvalid inline # Accepts packets in the INVALID conntrack state
 AutoBL noinline # Auto-blacklist IPs that exceed thesholds
 AutoBLL noinline # Helper for AutoBL
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index b73cf34d6..94ece9e78 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -110,8 +110,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
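Review bot: The actions.std hunk replaces the `allowICMPs` entry instead of keeping it beside `AllowICMPs`, so an existing rules, policy or `*_DEFAULT` setting that still names `allowICMPs` would presumably stop resolving after upgrade if action names are matched case-sensitively. On a firewall that shows up as a failed compile or restart, which is worth avoiding for a cosmetic rename. Nothing in this hunk shows a compatibility alias or the matching rename of the action file, so both should be confirmed elsewhere in the commit. If the old name is meant to keep working for a release, an entry such as `allowICMPs inline # Deprecated alias for AllowICMPs` (with its action file retained) would cover it; otherwise the release notes should call out the rename.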