X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/bfdc045deb6149808d309b4ac3c292d9c57a8b38..4f8c198960217f631e0fcb20e8615fc93c3d1da2:/icmp.m4

diff --git a/icmp.m4 b/icmp.m4
index 004d583..3ccc6d9 100644
--- a/icmp.m4
+++ b/icmp.m4
@@ -1,4 +1,4 @@
-### -*-m4-*-
+### -*-sh-*-
 ###
 ### ICMP filtering for firewall scripts
 ###
@@ -30,20 +30,17 @@ clearchain check-icmp
 ## Ping needs inspecting on a host-by-host basis.
 for type in echo-request echo-reply; do
  run iptables -A check-icmp -p icmp --icmp-type $type -j RETURN
+ run ip6tables -A check-icmp -p icmpv6 --icmpv6-type $type -j RETURN
 done
 
-## Certainly don't allow ping to broadcast addresses.
-run iptables -A check-icmp -g forbidden \
- -p icmp --icmp-type echo-request \
- -m addrtype --dst-type BROADCAST
-
 m4_divert(58)m4_dnl
 ## Other ICMP is basically benign, we claim.
-run iptables -A check-icmp -j ACCEPT
+run ip46tables -A check-icmp -j ACCEPT
 
 ## Done.
-for i in INPUT FORWARD; do
+for i in $inchains; do
  run iptables -A $i -p icmp -j check-icmp
+ run ip6tables -A $i -p icmpv6 -j check-icmp
 done
 
 m4_divert(-1)
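Review bot: The catch-all `run ip46tables -A check-icmp -j ACCEPT` now accepts every non-echo ICMPv6 type, including router advertisements, redirects and the other neighbour-discovery messages, on every chain in `$inchains`, which is a wider grant than the IPv4 rule it replaces. RFC 4890 recommends treating transit and locally-destined ICMPv6 differently, so the "basically benign" comment deserves an IPv6-specific caveat. I would at least record the decision above the rule, e.g. `## For IPv6 this also accepts ND, RA and redirect messages; see RFC 4890 before applying this to forwarding chains.` Separately, with the broadcast rule gone nothing in this hunk rejects echo-request to broadcast (or IPv6 multicast) destinations, so that check has to live wherever the RETURNed pings are inspected; the removed rule sat after the echo-request RETURN, so it probably never matched anyway. `clearchain`, `ip46tables` and `$inchains` are defined outside the hunk, so none of this can be confirmed from here.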