brielle
/
Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

master
bruns@2mbit.com 2010-05-16 03:41:56 +00:00
parent 6b5bc5049e
commit b8cd81bc6a
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -1,3 +1,6 @@
0.8 - Brielle Bruns <bruns@2mbit.com>
- IPv6 Connection Tracking fixes
0.7 - Brielle Bruns <bruns@2mbit.com> 0.7 - Brielle Bruns <bruns@2mbit.com>
- MSS Clamp on IPv6 - MSS Clamp on IPv6
- MSS Fixes, yes, its ugly - MSS Fixes, yes, its ugly

2
rc.firewall
View File

@ -236,6 +236,8 @@ if [ $IPV6 ]; then
if [ $IPV6ROUTEDCLIENTBLOCK ]; then if [ $IPV6ROUTEDCLIENTBLOCK ]; then
$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT $IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IP6TABLES -A OUTPUT -m state --state NEW -j ACCEPT
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p tcp --syn -j DROP $IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p tcp --syn -j DROP $IP6TABLES -A INPUT -i $IPV6INT -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p udp ! --dport 32768:65535 -j DROP $IP6TABLES -A INPUT -i $IPV6INT -p udp ! --dport 32768:65535 -j DROP