/ - Diff - puppet nftables - Koumbit's Redmine

Révision 15aaf3c5

Ajouté par tr il y a plus de 4 ans

Allow only specific icmp types

         ct state established,related accept
         ct state invalid drop
         ip protocol icmp limit rate 4/second accept
         ip6 nexthdr ipv6-icmp limit rate 4/second accept
         ip protocol igmp limit rate 4/second accept
         ip protocol icmp icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
         ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
         ip protocol icmp icmp type echo-request limit rate 4/second accept
         ip6 nexthdr ipv6-icmp icmpv6 type echo-request limit rate 4/second accept
+      }
       chain INPUT {

Formats disponibles : Unified diff