-### -*-m4-*-
+### -*-sh-*-
###
### ICMP filtering for firewall scripts
###
## Ping needs inspecting on a host-by-host basis.
for type in echo-request echo-reply; do
run iptables -A check-icmp -p icmp --icmp-type $type -j RETURN
+ run ip6tables -A check-icmp -p icmpv6 --icmpv6-type $type -j RETURN
done
-## Certainly don't allow ping to broadcast addresses.
-run iptables -A check-icmp -g forbidden \
- -p icmp --icmp-type echo-request \
- -m addrtype --dst-type BROADCAST
-
m4_divert(58)m4_dnl
## Other ICMP is basically benign, we claim.
-run iptables -A check-icmp -j ACCEPT
+run ip46tables -A check-icmp -j ACCEPT
## Done.
-for i in INPUT FORWARD; do
+for i in $inchains; do
run iptables -A $i -p icmp -j check-icmp
+ run ip6tables -A $i -p icmpv6 -j check-icmp
done
m4_divert(-1)
~mdw / firewall / blobdiff