From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 10 Jul 2011 20:46:41 +0000 (+0100)
Subject: bookends.m4: Allow responding to broadcast and multicast ping.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/c8d422ecbe80759b2a92214920ade76592e02153

bookends.m4: Allow responding to broadcast and multicast ping.

This way, I can see which things are responding to multicasts.
---

diff --git a/bookends.m4 b/bookends.m4
index 6ba2827..495e95a 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -52,6 +52,9 @@ setopt ip_local_port_range $open_port_min $open_port_max
 ## Deploy SYN-cookies if necessary.
 setopt tcp_syncookies 1
 
+## Allow broadcast and multicast ping, because it's a useful diagnostic tool.
+setopt icmp_echo_ignore_broadcasts 0
+
 ## Turn off iptables filtering for bridges.  We'll use ebtables if we need
 ## to; but right now the model is that we do filtering at the borders, and
 ## are tolerant of things which are local.