webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Forward Firewall: fixed icmp-types and deleted dmzholes chain

Browse Source
This commit is contained in:
Alexander Marx
2013-01-31 08:45:04 +01:00
committed by Michael Tremer
parent 8f1634ffbc
commit d6bdebd47d
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config/fwhosts/icmp-types
View File

@@ -1,4 +1,4 @@
0,echo-reply (pong),0 0,echo-reply,0
1,destination-unreachable,3 1,destination-unreachable,3
2,network-unreachable,3/0 2,network-unreachable,3/0
3,host-unreachable,3/1 3,host-unreachable,3/1
@@ -21,10 +21,10 @@
20,host-redirect,5/1 20,host-redirect,5/1
21,TOS-network-redirect,5/2 21,TOS-network-redirect,5/2
22,TOS-host-redirect,5/3 22,TOS-host-redirect,5/3
23,echo-request (ping),8 23,echo-request,8
24,router-advertisement,9 24,router-advertisement,9
25,router-solicitation,10 25,router-solicitation,10
26,time-exceeded (ttl-exceeded),11 26,time-exceeded,11
27,ttl-zero-during-transit,11/0 27,ttl-zero-during-transit,11/0
28,ttl-zero-during-reassembly,11/1 28,ttl-zero-during-reassembly,11/1
29,parameter-problem,12 29,parameter-problem,12

4
src/initscripts/init.d/firewall
View File

@@ -242,9 +242,9 @@ case "$1" in
iptables_red iptables_red
# DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow # DMZ pinhole chain.
# ORANGE to talk to GREEN / BLUE. # ORANGE to talk to GREEN / BLUE.
/sbin/iptables -N DMZHOLES
if [ "$ORANGE_DEV" != "" ]; then if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j FORWARDFW /sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j FORWARDFW
fi fi