X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/8b021091932977b8bae420b7845369018e301451..994ac8d0782c89a636f47b02a2dc096c72ff58c5:/icmp.m4
diff --git a/icmp.m4 b/icmp.m4
index 460c838..3ccc6d9 100644
--- a/icmp.m4
+++ b/icmp.m4
@@ -33,27 +33,15 @@ for type in echo-request echo-reply; do
 run ip6tables -A check-icmp -p icmpv6 --icmpv6-type $type -j RETURN
 done
-## Certainly don't allow ping to broadcast or multicast addresses.
-case $forward in
- 1)
- run iptables -A FORWARD -g forbidden \
- -p icmp --icmp-type echo-request \
- -m addrtype --dst-type BROADCAST
- run iptables -A FORWARD -g forbidden \
- -p icmp --icmp-type echo-request \
- -d 224.0.0.0/8
- run ip6tables -A FORWARD -g forbidden \
- -p icmpv6 --icmpv6-type echo-request \
- -d ff00::/16
- ;;
-esac
-
 m4_divert(58)m4_dnl
 ## Other ICMP is basically benign, we claim.
 run ip46tables -A check-icmp -j ACCEPT
 ## Done.
-for i in $inchains; do run ip46tables -A $i -p icmp -j check-icmp; done
+for i in $inchains; do
+ run iptables -A $i -p icmp -j check-icmp
+ run ip6tables -A $i -p icmpv6 -j check-icmp
+done
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
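Review bot: Nothing visible in this hunk replaces the deleted FORWARD rules that sent echo-request for broadcast and multicast destinations to `forbidden`, and because the loop at the top of the hunk only RETURNs echo-request from check-icmp, forwarded pings to those destinations are now decided by whatever the calling chain does next. If that filtering moved to another file, a pointer where the block used to be would keep the intent auditable, e.g. `## Ping to broadcast/multicast destinations is refused elsewhere; see <file>.` with the real file name filled in. The split loop also changes what IPv6 traffic sees: with `-p icmpv6` the jump presumably matches ICMPv6 for the first time, so the unconditional `-j ACCEPT` at the end of check-icmp now applies to every other ICMPv6 type on each chain in `$inchains` (defined outside the hunk). A comment above the loop such as `## ICMPv6 is a distinct protocol; ip6tables needs -p icmpv6 to match it.` would record why the two families are listed separately.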