Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-01-06 17:17:59 +03:00
Code Releases Activity

fix ipv6 PVEFW-reject

Browse Source 
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This commit is contained in:
Alexandre Derumier 2019-04-29 16:18:46 +02:00 committed by Thomas Lamprecht
parent bbf77725f2
commit 58ca8ec0a0
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/PVE/Firewall.pm
View File

@ -666,14 +666,10 @@ $pve_std_chains_conf->{6} = {
#{ action => 'DROP', dest => '224.0.0.0/4' },
],
'PVEFW-reject' => [
# same as shorewall 'reject'
#{ action => 'DROP', dsttype => 'BROADCAST' },
#{ action => 'DROP', source => '224.0.0.0/4' },
{ action => 'DROP', proto => 'icmpv6' },
{ match => '-p tcp', target => '-j REJECT --reject-with tcp-reset' },
#"-p udp -j REJECT --reject-with icmp-port-unreachable",
#"-p icmp -j REJECT --reject-with icmp-host-unreachable",
#"-j REJECT --reject-with icmp-host-prohibited",
{ match => '-p udp', target => '-j REJECT --reject-with icmp6-port-unreachable' },
{ target => '-j REJECT --reject-with icmp6-adm-prohibited' },
],
'PVEFW-Drop' => [
# same as shorewall 'Drop', which is equal to DROP,