[pve-devel] firewall : ipv6 reject not working for udp
Alexandre DERUMIER
aderumier at odiso.com
Mon Apr 29 11:48:32 CEST 2019
Hi,
I'm currently testing firewall with ipv6,
and it seem than default reject is not working with udp.
looking at code, I see that comment on udp/icmp.
Is it a bug ?
'PVEFW-reject' => [
# same as shorewall 'reject'
#{ action => 'DROP', dsttype => 'BROADCAST' },
#{ action => 'DROP', source => '224.0.0.0/4' },
{ action => 'DROP', proto => 'icmpv6' },
{ match => '-p tcp', target => '-j REJECT --reject-with tcp-reset' },
#"-p udp -j REJECT --reject-with icmp-port-unreachable",
#"-p icmp -j REJECT --reject-with icmp-host-unreachable",
#"-j REJECT --reject-with icmp-host-prohibited",
],
More information about the pve-devel
mailing list