[pve-devel] [PATCH v2 firewall 2/2] Add router-solicitation to NeighborDiscovery macro

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Feb 19 09:43:33 CET 2016


to be more consistent with the host-wide NDP option.
This macro is now mostly useful to disable NDP on VMs.
---
 src/PVE/Firewall.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 25f1cc9..c556be4 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -138,6 +138,7 @@ my $pve_ipv6fw_macros = {
     ],
     'NeighborDiscovery' => [
 	"IPv6 neighbor solicitation, neighbor and router advertisement",
+	{ action => 'PARAM', proto => 'icmpv6', dport => 'router-solicitation' },
 	{ action => 'PARAM', proto => 'icmpv6', dport => 'router-advertisement' },
 	{ action => 'PARAM', proto => 'icmpv6', dport => 'neighbor-solicitation' },
 	{ action => 'PARAM', proto => 'icmpv6', dport => 'neighbor-advertisement' },
-- 
2.1.4





More information about the pve-devel mailing list