Révision ad3dbd7d
Rewrite mdns rules to limit to multicast and allow IPv6
This limits the mdns listener to only listen on multicast addresses with
port 5353. One rule for IPv4 and one for IPv6, each controllable with a
parameter.
The generic 5353 to 5353 rule is dropped since it's redundant when I
read [RFC6762].
[RFC6762]: https://www.rfc-editor.org/rfc/rfc6762
| REFERENCE.md | ||
|---|---|---|
| 657 | 657 |
|
| 658 | 658 |
allow incoming multicast DNS |
| 659 | 659 |
|
| 660 |
#### Parameters |
|
| 661 |
|
|
| 662 |
The following parameters are available in the `nftables::rules::mdns` class: |
|
| 663 |
|
|
| 664 |
* [`ipv4`](#-nftables--rules--mdns--ipv4) |
|
| 665 |
* [`ipv6`](#-nftables--rules--mdns--ipv6) |
|
| 666 |
|
|
| 667 |
##### <a name="-nftables--rules--mdns--ipv4"></a>`ipv4` |
|
| 668 |
|
|
| 669 |
Data type: `Boolean` |
|
| 670 |
|
|
| 671 |
Allow mdns over IPv4 |
|
| 672 |
|
|
| 673 |
Default value: `true` |
|
| 674 |
|
|
| 675 |
##### <a name="-nftables--rules--mdns--ipv6"></a>`ipv6` |
|
| 676 |
|
|
| 677 |
Data type: `Boolean` |
|
| 678 |
|
|
| 679 |
Allow mdns over IPv6 |
|
| 680 |
|
|
| 681 |
Default value: `true` |
|
| 682 |
|
|
| 660 | 683 |
### <a name="nftables--rules--multicast"></a>`nftables::rules::multicast` |
| 661 | 684 |
|
| 662 | 685 |
allow incoming multicast traffic |
Formats disponibles : Unified diff