Add extra icmp6 notifications to firewall.

Darren 'Tadgy' Austin 2021-02-14 20:51:01 +00:00
commit 7cd1a731e5
3 changed files with 13 additions and 7 deletions


@ -2,7 +2,7 @@
# The name of the main external interface.
EX_IF="eth0"
# The name of the VM-Private network interface.
# The name of the Private network interface.
PRI_IF="eth1"
# IP addresses
@ -49,7 +49,7 @@ iptables -A INPUT -i "$EX_IF" -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
# Allow all VM-Private network traffic.
# Allow all Private network traffic.
iptables -A INPUT -i "$PRI_IF" -j ACCEPT
ip6tables -A INPUT -i "$PRI_IF" -j ACCEPT
@ -79,6 +79,8 @@ ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type parameter-problem -j ACCEPT
ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
#ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type neighbour-solicitation -j ACCEPT
#ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type neighbour-advertisement -j ACCEPT
# Always allow SSH.
# Note: We never want to be locked out of the system, so also accept on the standard ssh port, just in case things accidently get