From a8f2da585503427f0202968a0a4bf45a84d165ad Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 12 Dec 2008 00:07:26 +0000
Subject: [PATCH] Make macro.Reject and macro.Drop use macro.AllowICMPs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9000 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall6/macro.Drop | 9 ++++-----
 Shorewall6/macro.Reject | 3 +--
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/Shorewall6/macro.Drop b/Shorewall6/macro.Drop
index 8a6520ef9..122bd5f8d 100644
--- a/Shorewall6/macro.Drop
+++ b/Shorewall6/macro.Drop
@@ -18,16 +18,15 @@
 #
 REJECT - - tcp 113
 #
+# ACCEPT critical ICMP types
+#
+AllowICMPs
+#
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 dropBcast
 #
-# ACCEPT critical ICMP types
-#
-ACCEPT - - icmp fragmentation-needed
-ACCEPT - - icmp time-exceeded
-#
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
diff --git a/Shorewall6/macro.Reject b/Shorewall6/macro.Reject
index f44ed506b..86116feb0 100644
--- a/Shorewall6/macro.Reject
+++ b/Shorewall6/macro.Reject
@@ -26,8 +26,7 @@ dropBcast
 #
 # ACCEPT critical ICMP types
 #
-ACCEPT - - icmp fragmentation-needed
-ACCEPT - - icmp time-exceeded
+AllowICMPs
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
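Review bot: In macro.Drop the new `AllowICMPs` line sits ahead of `dropBcast`, whereas the removed ACCEPT rules ran after it and macro.Reject (second hunk) still invokes `AllowICMPs` after `dropBcast`. If the macro's rules can match ICMP traffic that `dropBcast` would otherwise discard, Drop now accepts those packets before the filter sees them while Reject still filters them first. macro.AllowICMPs is not part of this patch, so that cannot be confirmed from here. Unless the reordering is deliberate, I would keep the `AllowICMPs` block in its old position after `dropBcast` so both macros evaluate in the same order, or state the reason for the difference in the comment above it.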
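Review bot: The comment `# ACCEPT critical ICMP types` above `AllowICMPs` in macro.Reject no longer tells the reader which types are accepted, because the two explicit rules it described are removed and the list now lives in macro.AllowICMPs, which this patch does not show. Any type later added to that macro is accepted here ahead of the INVALID-state handling described in the following comment, without this file changing. I would extend the comment to something like `# ACCEPT critical ICMP types (list is defined in macro.AllowICMPs)`. The same applies to the comment added in the macro.Drop hunk.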