Document ICMP codes
parent
28b660c853
commit
b4199fd068
@ -2125,10 +2125,12 @@ sub setup_mss( ) {
|
||||
for ( @$interfaces ) {
|
||||
my $mss = get_interface_option( $_, 'mss' );
|
||||
my $mssmatch = $capabilities{TCPMSS_MATCH} ? "-m tcpmss --mss $mss: " : '';
|
||||
add_rule $chainref, "-o $_ -p tcp --tcp-flags SYN,RST SYN ${mssmatch}${out_match}-j TCPMSS --set-mss $mss";
|
||||
add_rule $chainref, "-o $_ -j RETURN" if $clampmss;
|
||||
add_rule $chainref, "-i $_ -p tcp --tcp-flags SYN,RST SYN ${mssmatch}${in_match}-j TCPMSS --set-mss $mss";
|
||||
add_rule $chainref, "-i $_ -j RETURN" if $clampmss;
|
||||
my $source = match_source_dev $_;
|
||||
my $dest = match_dest_dev $_;
|
||||
add_rule $chainref, "$dest -p tcp --tcp-flags SYN,RST SYN ${mssmatch}${out_match}-j TCPMSS --set-mss $mss";
|
||||
add_rule $chainref, "$dest -j RETURN" if $clampmss;
|
||||
add_rule $chainref, "$source -p tcp --tcp-flags SYN,RST SYN ${mssmatch}${in_match}-j TCPMSS --set-mss $mss";
|
||||
add_rule $chainref, "$source -j RETURN" if $clampmss;
|
||||
}
|
||||
}
|
||||
|
||||
|
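Review bot: The rewritten `add_rule` calls in setup_mss change the generated TCPMSS rules, because the interface match now comes from `match_source_dev $_` / `match_dest_dev $_` instead of a literal `-i $_` / `-o $_`. The commit title mentions only ICMP documentation, so this change to firewall output is easy to miss when auditing the history; it belongs in its own commit or at least in the message. A one-line comment above `my $source` would record the intent, e.g. `# Let match_source_dev/match_dest_dev build the interface match instead of hard-coding -i/-o`. Since `$_` is now passed to two more subs whose bodies are not visible here, naming the loop variable (`for my $interface ( @$interfaces ) {`) would prevent a callee from clobbering the alias. setup_mss begins outside this hunk, so how `$mss` is validated before being interpolated into `--set-mss $mss` cannot be confirmed from here.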
@ -1028,6 +1028,79 @@ Shorewall has detected the following iptables/netfilter capabilities:
|
||||
"!tcp").</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>ICMP and ICMP6 Types and Codes</title>
|
||||
|
||||
<para>When dealing with ICMP, the DEST PORT specifies the type or type and
|
||||
code. You may specify the numeric type, the numeric type and code
|
||||
separated by a slash (e.g., 3/4) or you may use a type name. </para>
|
||||
|
||||
<para>Type names for IPv4 and their corresponding type or type/code
|
||||
are:</para>
|
||||
|
||||
<programlisting>echo-reply' => 0
|
||||
destination-unreachable => 3
|
||||
network-unreachable => 3/0
|
||||
host-unreachable => 3/1
|
||||
protocol-unreachable => 3/2
|
||||
port-unreachable => 3/3
|
||||
fragmentation-needed => 3/4
|
||||
source-route-failed => 3/5
|
||||
network-unknown => 3/6
|
||||
host-unknown => 3/7
|
||||
network-prohibited => 3/9
|
||||
host-prohibited => 3/10
|
||||
TOS-network-unreachable => 3/11
|
||||
TOS-host-unreachable => 3/12
|
||||
communication-prohibited => 3/13
|
||||
host-precedence-violation => 3/14
|
||||
precedence-cutoff => 3/15
|
||||
source-quench => 4
|
||||
redirect => 5
|
||||
network-redirect => 5/0
|
||||
host-redirect => 5/1
|
||||
TOS-network-redirect => 5/2
|
||||
TOS-host-redirect => 5/3
|
||||
echo-request => 8
|
||||
router-advertisement => 9
|
||||
router-solicitation => 10
|
||||
time-exceeded => 11
|
||||
ttl-zero-during-transit => 11/0
|
||||
ttl-zero-during-reassembly=> 11/1
|
||||
parameter-problem => 12
|
||||
ip-header-bad => 12/0
|
||||
required-option-missing => 12/1
|
||||
timestamp-request => 13
|
||||
timestamp-reply => 14
|
||||
address-mask-request => 17
|
||||
address-mask-reply => 18</programlisting>
|
||||
|
||||
<para>Type names for IPv6 and their corresponding type or type/code
|
||||
are:</para>
|
||||
|
||||
<programlisting>destination-unreachable => 1
|
||||
no-route' => 1/0
|
||||
communication-prohibited => 1/1
|
||||
address-unreachable' => 1/2
|
||||
port-unreachable' => 1/3
|
||||
packet-too-big => 2
|
||||
time-exceeded' => 3
|
||||
ttl-exceeded' => 3
|
||||
ttl-zero-during-transit => 3/0
|
||||
ttl-zero-during-reassembly => 3/1
|
||||
parameter-problem => 4
|
||||
bad-header => 4/0
|
||||
unknown-header-type => 4/1
|
||||
unknown-option => 4/2
|
||||
echo-request => 128
|
||||
echo-reply => 129
|
||||
router-solicitation => 133
|
||||
router-advertisement => 134
|
||||
neighbour-solicitation => 135
|
||||
neighbour-advertisement => 136
|
||||
redirect => 137</programlisting>
|
||||
</section>
|
||||
|
||||
<section id="Ranges">
|
||||
<title>Port Ranges</title>
|
||||
|
||||
|