Browse Source

tags/v2.01a1
bbruns 6 years ago
parent
commit
0c7813397c
2 changed files with 9 additions and 5 deletions
  1. +7
    -3
      CHANGELOG
  2. +2
    -2
      lib/iptables.inc

+ 7
- 3
CHANGELOG View File

@@ -2,8 +2,11 @@
- Give people knobs to tinker with regarding state matching. Kills
multiple birds with one stone.
- forward.conf


- acl.conf
- IPv6 is actually working in this version when you have default policy set to DROP
IPv6 is particularly difficult regarding ICMPv6 - had to put in quite a few
allows by default to make it happy. Going to have to go through the list
and prune it once the code stabilizes.

2.00 Alpha 2 - 04/12/2014
- Slightly better documentation
@@ -28,7 +31,8 @@
- Easy Block functionality (IPv4/IPv6) - 3/31/2014
- ACL/Filtering functionality (IPv4/IPv6) - 4/5/2014
- NAT/NETMAP functionality (IPv4/IPv6) - 4/5/2014
- IPv6 NAT/NETMAP is untested, have no internal use for it, let me know if works/doesnt
- IPv6 NAT/NETMAP is untested, have no internal use for it,
let me know if works/doesnt
- Forwarding functionality (IPv4/IPv6) - 4/5/2014
- Adapted to use conntracking if available - 4/6/2014
- Deps on Enablev(4|6)ConnectionTracking for NAT functionality - 4/5/2014


+ 2
- 2
lib/iptables.inc View File

@@ -623,8 +623,8 @@ function enable_v6_critical_icmp {
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 133 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 134-j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 135-j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 134 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 135 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 136 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 137 -j ACCEPT
${VER_IPTABLES} -A ${v6ICMP} -p ipv6-icmp --icmpv6-type 141 -j ACCEPT


Loading…
Cancel
Save