-## Allow ping from safe/noloop to untrusted networks.
-run iptables -A fwd-spec-nofrag -j ACCEPT \
- -p icmp --icmp-type echo-request \
- -m mark --mark $to_untrusted/$MASK_TO
-run iptables -A fwd-spec-nofrag -j ACCEPT \
- -p icmp --icmp-type echo-reply \
- -m mark --mark $from_untrusted/$MASK_FROM \
- -m state --state ESTABLISHED
-run ip6tables -A fwd-spec-nofrag -j ACCEPT \
- -p ipv6-icmp --icmpv6-type echo-request \
- -m mark --mark $to_untrusted/$MASK_TO
-run ip6tables -A fwd-spec-nofrag -j ACCEPT \
- -p ipv6-icmp --icmpv6-type echo-reply \
- -m mark --mark $from_untrusted/$MASK_FROM \
- -m state --state ESTABLISHED
+ ## Allow ping from safe/noloop to untrusted networks.
+ run iptables -A fwd-spec-nofrag -j ACCEPT \
+ -p icmp --icmp-type echo-request \
+ -m mark --mark $to_untrusted/$MASK_TO
+ run iptables -A fwd-spec-nofrag -j ACCEPT \
+ -p icmp --icmp-type echo-reply \
+ -m mark --mark $from_untrusted/$MASK_FROM \
+ -m state --state ESTABLISHED
+ run ip6tables -A fwd-spec-nofrag -j ACCEPT \
+ -p icmpv6 --icmpv6-type echo-request \
+ -m mark --mark $to_untrusted/$MASK_TO
+ run ip6tables -A fwd-spec-nofrag -j ACCEPT \
+ -p icmpv6 --icmpv6-type echo-reply \
+ -m mark --mark $from_untrusted/$MASK_FROM \
+ -m state --state ESTABLISHED