Merge branch '11-update-always-allowed-ipv6-icmp-rules-according-rfc4890' into 'master'
Update always allowed ipv6-icmp rules according to RFC4890. Closes #11. See merge request shorewall/code!16
commit
b0839c30b2
@ -20,22 +20,23 @@ DEFAULTS ACCEPT
|
|||||||
|
|
||||||
# The following should have a ttl of 255 and must be allowed to transit a bridge
|
# The following should have a ttl of 255 and must be allowed to transit a bridge
|
||||||
@1 - - ipv6-icmp router-solicitation
|
@1 - - ipv6-icmp router-solicitation
|
||||||
@1 - - ipv6-icmp router-advertisement
|
|
||||||
@1 - - ipv6-icmp neighbour-solicitation
|
@1 - - ipv6-icmp neighbour-solicitation
|
||||||
@1 - - ipv6-icmp neighbour-advertisement
|
@1 - - ipv6-icmp neighbour-advertisement
|
||||||
@1 - - ipv6-icmp 137 # Redirect
|
|
||||||
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
|
@1 - - ipv6-icmp 141 # Inverse neighbour discovery solicitation
|
||||||
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
|
@1 - - ipv6-icmp 142 # Inverse neighbour discovery advertisement
|
||||||
|
|
||||||
# The following should have a link local source address and must be allowed to transit a bridge
|
# The following must have a link local source address and must be allowed to transit a bridge
|
||||||
@1 fe80::/10 - ipv6-icmp 130 # Listener query
|
@1 fe80::/10 - ipv6-icmp 130 # Listener query
|
||||||
@1 fe80::/10 - ipv6-icmp 131 # Listener report
|
@1 fe80::/10 - ipv6-icmp 131 # Listener report
|
||||||
@1 fe80::/10 - ipv6-icmp 132 # Listener done
|
@1 fe80::/10 - ipv6-icmp 132 # Listener done
|
||||||
|
@1 fe80::/10 - ipv6-icmp router-advertisement
|
||||||
|
@1 :: - ipv6-icmp 143 # Listener report v2
|
||||||
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
||||||
|
|
||||||
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
||||||
@1 - - ipv6-icmp 148 # Certificate path solicitation
|
@1 :: - ipv6-icmp 148 # Certificate path solicitation
|
||||||
@1 - - ipv6-icmp 149 # Certificate path advertisement
|
@1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation
|
||||||
|
@1 fe80::/10 - ipv6-icmp 149 # Certificate path advertisement
|
||||||
|
|
||||||
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
|
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
|
||||||
@1 fe80::/10 - ipv6-icmp 151 # Multicast router advertisement
|
@1 fe80::/10 - ipv6-icmp 151 # Multicast router advertisement
|
||||||
|
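Review bot: The heading `# The following must have a link local source address and must be allowed to transit a bridge` no longer describes every rule under it, because the added `@1 :: - ipv6-icmp 143` accepts the unspecified address. I would reword it to `# The following must have a link local (or, where noted, unspecified ::) source address and must be allowed to transit a bridge`. The heading above the 148/149 rules has the same gap: it should also state that the source is now limited to `::` or `fe80::/10`. Types 131 and 132 still accept only `fe80::/10`, so if `::` was added for listeners that have no link-local address yet, those two may need the same rule; this is worth checking against RFC 3590. None of the visible rules matches on hop limit, so the ttl statements in the comments read as expectations rather than something enforced here, though the file continues outside the hunk and may do so elsewhere.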