forked from extern/shorewall_code
AllowICMPs: certificate path solicitation source must be :: or fe80::/10
Signed-off-by: Tuomo Soini <tis@foobar.fi>
This commit is contained in:
parent
a8294ed495
commit
de23e641f7
@ -34,7 +34,8 @@ DEFAULTS ACCEPT
|
||||
@1 fe80::/10 - ipv6-icmp 143 # Listener report v2
|
||||
|
||||
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
|
||||
@1 - - ipv6-icmp 148 # Certificate path solicitation
|
||||
@1 :: - ipv6-icmp 148 # Certificate path solicitation
|
||||
@1 fe80::/10 - ipv6-icmp 148 # Certificate path solicitation
|
||||
@1 - - ipv6-icmp 149 # Certificate path advertisement
|
||||
|
||||
# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
|
||||
|
Loading…
Reference in New Issue
Block a user