[pve-devel] applied: [PATCH pve-firewall] fix ipv6 PVEFW-reject

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Apr 30 11:25:09 CEST 2019


On 4/29/19 at 4:18 PM, Alexandre Derumier wrote:
> Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
> ---
>  src/PVE/Firewall.pm | 8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index 1607b74..806fd4b 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -666,14 +666,10 @@ $pve_std_chains_conf->{6} = {
>  	#{ action => 'DROP', dest => '224.0.0.0/4' },
>      ],
>      'PVEFW-reject' => [
> -	# same as shorewall 'reject'
> -	#{ action => 'DROP', dsttype => 'BROADCAST' },
> -	#{ action => 'DROP', source => '224.0.0.0/4' },
>  	{ action => 'DROP', proto => 'icmpv6' },
>  	{ match => '-p tcp', target => '-j REJECT --reject-with tcp-reset' },
> -	#"-p udp -j REJECT --reject-with icmp-port-unreachable",
> -	#"-p icmp -j REJECT --reject-with icmp-host-unreachable",
> -	#"-j REJECT --reject-with icmp-host-prohibited",
> +	{ match => '-p udp', target => '-j REJECT --reject-with icmp6-port-unreachable' },
> +	{ target => '-j REJECT --reject-with icmp6-adm-prohibited' },
>      ],
>      'PVEFW-Drop' => [
>  	# same as shorewall 'Drop', which is equal to DROP,
> 
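
Review bot: in the 'PVEFW-reject' list the "{ action => 'DROP', proto => 'icmpv6' }" entry stays first while the "# same as shorewall 'reject'" comment above it is removed, so nothing in the chain now says why ICMPv6 is silently dropped while TCP, UDP and everything else get an explicit REJECT; a one-line comment on that rule giving the reason would help the next reader. The commit message also has no body beyond the Signed-off-by. Before this change the only active entries were the icmpv6 DROP and the tcp-reset rule, and the UDP and catch-all lines existed only as commented-out entries using the IPv4 reject types (icmp-port-unreachable, icmp-host-prohibited). Stating that in the message, along with the choice of icmp6-port-unreachable and icmp6-adm-prohibited as the IPv6 replacements, would make the fix easier to find and audit later.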

applied, thanks!



