~ubuntu-branches/ubuntu/precise/shorewall6/precise

Viewing changes to action.A_AllowICMPs

  • Committer: Bazaar Package Importer
  • Author(s): Roberto C. Sanchez
  • Date: 2011-06-07 20:42:53 UTC
  • mfrom: (1.3.21 upstream)
  • Revision ID: james.westby@ubuntu.com-20110607204253-shuyx4o2yvc7v9my
Tags: 4.4.20.1-1
* New Upstream Version
* New debconf translation, Brazilian Portuguese, thanks to Eder L. Marques
  (Closes: #629115)

 
1
#
 
2
# Shorewall6 version 4 - Audited AllowICMPs Action
 
3
#
 
4
# /usr/share/shorewall6/action.A_AllowICMPs
 
5
#
 
6
#       This action A_ACCEPTs needed ICMP types
 
7
#
 
8
###############################################################################
 
9
#TARGET         SOURCE          DEST    PROTO           DEST
 
10
#                                                       PORT(S) 
 
11
COMMENT Needed ICMP types (RFC4890)
 
12
 
 
13
A_ACCEPT        -               -       ipv6-icmp       destination-unreachable
 
14
A_ACCEPT        -               -       ipv6-icmp       packet-too-big
 
15
A_ACCEPT        -               -       ipv6-icmp       time-exceeded
 
16
A_ACCEPT        -               -       ipv6-icmp       parameter-problem
 
17
 
 
18
# The following should have a ttl of 255 and must be allowed to transit a bridge
 
19
A_ACCEPT        -               -       ipv6-icmp       router-solicitation
 
20
A_ACCEPT        -               -       ipv6-icmp       router-advertisement
 
21
A_ACCEPT        -               -       ipv6-icmp       neighbour-solicitation
 
22
A_ACCEPT        -               -       ipv6-icmp       neighbour-advertisement
 
23
A_ACCEPT        -               -       ipv6-icmp       137     # Redirect
 
24
A_ACCEPT        -               -       ipv6-icmp       141     # Inverse neighbour discovery solicitation
 
25
A_ACCEPT        -               -       ipv6-icmp       142     # Inverse neighbour discovery advertisement
 
26
 
 
27
# The following should have a link local source address and must be allowed to transit a bridge
 
28
A_ACCEPT        fe80::/10       -       ipv6-icmp       130     # Listener query
 
29
A_ACCEPT        fe80::/10       -       ipv6-icmp       131     # Listener report
 
30
A_ACCEPT        fe80::/10       -       ipv6-icmp       132     # Listener done
 
31
A_ACCEPT        fe80::/10       -       ipv6-icmp       143     # Listener report v2
 
32
 
 
33
# The following should be received with a ttl of 255 and must be allowed to transit a bridge
 
34
A_ACCEPT        -               -       ipv6-icmp       148     # Certificate path solicitation
 
35
A_ACCEPT        -               -       ipv6-icmp       149     # Certificate path advertisement
 
36
 
 
37
# The following should have a link local source address and a ttl of 1 and must be allowed to transit abridge
 
38
A_ACCEPT        fe80::/10       -       ipv6-icmp       151     # Multicast router advertisement
 
39
A_ACCEPT        fe80::/10       -       ipv6-icmp       152     # Multicast router solicitation
 
40
A_ACCEPT        fe80::/10       -       ipv6-icmp       153     # Multicast router termination
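
Review bot: The comments at file lines 18 and 33 say these types "should have a ttl of 255", and line 37 says "a ttl of 1", but the A_ACCEPT rules under them (lines 19-25, 34-35 and 38-40) match only on protocol and ICMPv6 type, so nothing in this action checks the hop limit. Lines 19-25 and 34-35 also leave SOURCE as "-", so router advertisements, redirects (137) and certificate path messages (148, 149) are accepted from any address. Either state in the comments that the hop-limit condition is informational and is not enforced here, or add a match for it if the rules format supports one. Two smaller points: in IPv6 the field is the hop limit rather than a ttl, and line 37 reads "abridge" where "a bridge" is meant.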