IPv6 ICMP criticals
parent
4b89a59d71
commit
261286113a
|
@ -1,6 +1,7 @@
|
||||||
0.9.12 - Brielle Bruns <bruns@2mbit.com>
|
0.9.12 - Brielle Bruns <bruns@2mbit.com>
|
||||||
- Change IPV6_ROUTEDCLIENTBLOCK so you can specify ranges to
|
- Change IPV6_ROUTEDCLIENTBLOCK so you can specify ranges to
|
||||||
block incoming to.
|
block incoming to.
|
||||||
|
- Add support for allowing IPV6 critical ICMP messages, on by default
|
||||||
|
|
||||||
0.9.11 - Brielle Bruns <bruns@2mbit.com>
|
0.9.11 - Brielle Bruns <bruns@2mbit.com>
|
||||||
- Move some of the config clutter to conf/ - you can
|
- Move some of the config clutter to conf/ - you can
|
||||||
|
|
|
@ -817,6 +817,17 @@ fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$IPV6_ICMP_OPT" ]; then
|
||||||
|
$IP6TABLES -A INPUT -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
|
||||||
|
$IP6TABLES -A INPUT -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
|
||||||
|
$IP6TABLES -A OUTPUT -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
|
||||||
|
$IP6TABLES -A OUTPUT -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
|
||||||
|
if [ "$IPV6_FORWARDRANGE" ]; then
|
||||||
|
$IP6TABLES -A FORWARD -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
|
||||||
|
$IP6TABLES -A FORWARD -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -s "$BASEDIR/include/ipv6_custom_mssclamp" ]; then
|
if [ -s "$BASEDIR/include/ipv6_custom_mssclamp" ]; then
|
||||||
display_c YELLOW "Loading custom IPv6 MSS Clamp rules..."
|
display_c YELLOW "Loading custom IPv6 MSS Clamp rules..."
|
||||||
. "$BASEDIR/include/ipv6_custom_mssclamp"
|
. "$BASEDIR/include/ipv6_custom_mssclamp"
|
||||||
|
|
|
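Review bot: The new guard `if [ "$IPV6_ICMP_OPT" ]; then` is a non-empty test, so a config that sets `IPV6_ICMP_OPT=0` to switch the feature off would still install the ACCEPT rules. Comparing the value explicitly, `if [ "$IPV6_ICMP_OPT" = "1" ]; then`, makes the firewall fail closed on any other value. The rules also accept destination-unreachable and parameter-problem from any source with no rate limit. If the rest of the script does not already throttle ICMPv6 (not visible in this hunk), adding `-m limit --limit <RATE>` to the INPUT and FORWARD rules would bound error-message floods. Because the rules are appended with `-A`, they only take effect if no earlier rule in each chain already drops the traffic, and that ordering cannot be confirmed from the hunk.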
@ -217,4 +217,10 @@ BLOCKEDIP=$BASEDIR/conf/ipv4-blocked
|
||||||
# Allow critical ICMP messages to go through, such as packet too big.
|
# Allow critical ICMP messages to go through, such as packet too big.
|
||||||
# You should _really_ make sure you don't disable this if you have any
|
# You should _really_ make sure you don't disable this if you have any
|
||||||
# kind of MTU changes inside or outside your network.
|
# kind of MTU changes inside or outside your network.
|
||||||
|
# Allows: time-exceeded packet-too-big
|
||||||
IPV6_ICMP_CRITICAL=1
|
IPV6_ICMP_CRITICAL=1
|
||||||
|
|
||||||
|
# Allow other common IPV6 ICMP messages through the firewall. Though not
|
||||||
|
# really critical, these can help with general IPv6 usage/diagnostic
|
||||||
|
# Allows: destination-unreachable parameter-problem
|
||||||
|
#IPV6_ICMP_OPT=1
|
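Review bot: The comment block added for `IPV6_ICMP_OPT` does not say that the option ships disabled or which chains it opens. The changelog line in this commit says "critical ICMP messages, on by default", which describes the existing `IPV6_ICMP_CRITICAL=1` rather than the commented-out `#IPV6_ICMP_OPT=1` added here. I would add a line such as `# Off by default; uncomment to enable. Accepts these types on INPUT and OUTPUT, and on FORWARD when IPV6_FORWARDRANGE is set.` above the setting. The changelog should also get its own entry for the optional messages, so an administrator reading either file knows what is exposed.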