Inline Multicast when Address Type Match is available

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-10-20 12:01:41 -07:00
parent c3bd58827f
commit 774b707352
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10

View File

@ -44,7 +44,11 @@ IfEvent noinline # Perform an action based on an event
Invalid inline,audit,\ # Handles packets in the INVALID conntrack state Invalid inline,audit,\ # Handles packets in the INVALID conntrack state
state=INVALID # state=INVALID #
Limit noinline # Limit the rate of connections from each individual IP address Limit noinline # Limit the rate of connections from each individual IP address
?if __ADDRTYPE
Multicast inline,audit # Handles Multicast
?else
Multicast noinline,audit # Handles Multicast Multicast noinline,audit # Handles Multicast
?endif
New inline,state=NEW # Handles packets in the NEW conntrack state New inline,state=NEW # Handles packets in the NEW conntrack state
NotSyn inline,audit # Handles TCP packets which do not have SYN=1 and ACK=0 NotSyn inline,audit # Handles TCP packets which do not have SYN=1 and ACK=0
rejNotSyn noinline # Silently Reject Non-syn TCP packets rejNotSyn noinline # Silently Reject Non-syn TCP packets