986
if ( have_capability( 'ADDRTYPE' ) ) {
987
add_ijump $rejectref , j => 'DROP' , addrtype => '--src-type BROADCAST';
989
if ( $family == F_IPV4 ) {
990
add_commands $rejectref, 'for address in $ALL_BCASTS; do';
992
add_commands $rejectref, 'for address in $ALL_ACASTS; do';
995
incr_cmd_level $rejectref;
996
add_ijump $rejectref, j => 'DROP', d => '$address';
997
decr_cmd_level $rejectref;
998
add_commands $rejectref, 'done';
1001
if ( $family == F_IPV4 ) {
1002
add_ijump $rejectref , j => 'DROP', s => '224.0.0.0/4';
1004
add_ijump $rejectref , j => 'DROP', s => IPv6_MULTICAST;
1007
add_ijump $rejectref , j => 'DROP', p => 2;
1008
add_ijump $rejectref , j => 'REJECT', targetopts => '--reject-with tcp-reset', p => 6;
1010
if ( have_capability( 'ENHANCED_REJECT' ) ) {
1011
add_ijump $rejectref , j => 'REJECT', p => 17;
1013
if ( $family == F_IPV4 ) {
1014
add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-unreachable', p => 1;
1015
add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-prohibited';
1017
add_ijump $rejectref, j => 'REJECT --reject-with icmp6-addr-unreachable', p => 58;
1018
add_ijump $rejectref, j => 'REJECT --reject-with icmp6-adm-prohibited';
1021
add_ijump $rejectref , j => 'REJECT';
986
unless ( $config{REJECT_ACTION} ) {
987
if ( have_capability( 'ADDRTYPE' ) ) {
988
add_ijump $rejectref , j => 'DROP' , addrtype => '--src-type BROADCAST';
990
if ( $family == F_IPV4 ) {
991
add_commands $rejectref, 'for address in $ALL_BCASTS; do';
993
add_commands $rejectref, 'for address in $ALL_ACASTS; do';
996
incr_cmd_level $rejectref;
997
add_ijump $rejectref, j => 'DROP', d => '$address';
998
decr_cmd_level $rejectref;
999
add_commands $rejectref, 'done';
1002
if ( $family == F_IPV4 ) {
1003
add_ijump $rejectref , j => 'DROP', s => '224.0.0.0/4';
1005
add_ijump $rejectref , j => 'DROP', s => IPv6_MULTICAST;
1008
add_ijump $rejectref , j => 'DROP', p => 2;
1009
add_ijump $rejectref , j => 'REJECT', targetopts => '--reject-with tcp-reset', p => 6;
1011
if ( have_capability( 'ENHANCED_REJECT' ) ) {
1012
add_ijump $rejectref , j => 'REJECT', p => 17;
1014
if ( $family == F_IPV4 ) {
1015
add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-unreachable', p => 1;
1016
add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-prohibited';
1018
add_ijump $rejectref, j => 'REJECT --reject-with icmp6-addr-unreachable', p => 58;
1019
add_ijump $rejectref, j => 'REJECT --reject-with icmp6-adm-prohibited';
1022
add_ijump $rejectref , j => 'REJECT';
1024
1026
$list = find_interfaces_by_option 'dhcp';