wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-05 22:54:01 +02:00
Code Issues Projects Releases Wiki Activity

Update rules.v6.j2 (#818)

Browse source 
Updated to use -m conntrack for consistency as per the other IPv6 rules.
This commit is contained in:
adamluk 2018-03-12 15:51:34 +00:00 committed by Dan Guido
parent 3bb6c32abb
commit b30f6db079
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/vpn/templates/rules.v6.j2
View file

@ -32,7 +32,7 @@ COMMIT
-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p icmpv6 --icmpv6-type redirect -m hl --hl-eq 255 -j ACCEPT
# DHCP in AWS
-A INPUT -m state --state NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
-A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
# TODO:
# The IP of the resolver should be bound to a DUMMY interface.
# DUMMY interfaces are the proper way to install IPs without assigning them any