Change macro.ICMPs to an inline action

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 11:30:38 -08:00 · 2017-03-07 11:30:38 -08:00 · c3661ad476
commit c3661ad476
parent a4dcc3f555
3 changed files with 12 additions and 13 deletions
--- a/Shorewall/Actions/action.AllowICMPs
+++ b/Shorewall/Actions/action.AllowICMPs
@ -0,0 +1,11 @@
+#
+# Shorewall -- /usr/share/shorewall/action.AllowICMPs
+#
+# This action ACCEPTs needed ICMP types.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+DEFAULTS ACCEPT
+@1	-	-	icmp	fragmentation-needed
+@2	-	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@ -1,13 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
-#
-# This macro ACCEPTs needed ICMP types.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-?COMMENT Needed ICMP types
-
-DEFAULT ACCEPT
-PARAM	-	-	icmp	fragmentation-needed
-PARAM	-	-	icmp	time-exceeded
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@ -25,6 +25,7 @@ A_Drop				# Audited Default Action for DROP policy
 A_REJECT     noinline,logjump	# Audits then rejects a connection request
 A_REJECT!    inline		# Audits then rejects a connection request
 A_Reject			# Audited Default action for REJECT policy
+allowICMPs   inline             # Allow Required ICMP packets
 allowInvalid inline		# Accepts packets in the INVALID conntrack state
 AutoBL	     noinline		# Auto-blacklist IPs that exceed thesholds
 AutoBLL	     noinline		# Helper for AutoBL