wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-02 18:13:13 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1 from adamluk/conntrack-rather-than-state

Browse source 
Update rules.v6.j2
This commit is contained in:
adamluk 2018-03-02 20:55:46 +00:00 committed by GitHub
commit 03dcffb514
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/vpn/templates/rules.v6.j2
View file

@ -32,7 +32,7 @@ COMMIT
-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p icmpv6 --icmpv6-type redirect -m hl --hl-eq 255 -j ACCEPT
# DHCP in AWS
-A INPUT -m state --state NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
-A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
# TODO:
# The IP of the resolver should be bound to a DUMMY interface.
# DUMMY interfaces are the proper way to install IPs without assigning them any