Commit 17f81f10 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

by default, allow all ICMPv6 messages originating from or destined to local host

parent 0b156793
......@@ -126,7 +126,8 @@ function Policy:servoptfrags() return nil end
classes = {{'filter', Filter},
{'policy', Policy}}
defrules = {pre={}}
defrules = {pre={}, ['post-filter']={}}
for i, family in ipairs({'inet', 'inet6'}) do
for i, target in ipairs({'DROP', 'REJECT'}) do
for i, opts in ipairs({'-m limit --limit 1/second -j LOG', '-j '..target}) do
......@@ -154,3 +155,11 @@ for i, family in ipairs({'inet', 'inet6'}) do
opts='-'..string.lower(string.sub(chain, 1, 1))..' lo -j ACCEPT'})
end
end
for i, chain in ipairs({'INPUT', 'OUTPUT'}) do
table.insert(defrules['post-filter'],
{family='inet6',
table='filter',
chain=chain,
opts='-p icmpv6 -j ACCEPT'})
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment