Hi,

I'm currently testing the firewall with IPv6,
and it seems that the default reject is not working with UDP.

Looking at the code, I see that comment on udp/icmp.

Is it a bug?


    'PVEFW-reject' => [
        # same as shorewall 'reject'
        #{ action => 'DROP', dsttype => 'BROADCAST' },
        #{ action => 'DROP', source => '224.0.0.0/4' },
        { action => 'DROP', proto => 'icmpv6' },
        { match => '-p tcp', target => '-j REJECT --reject-with tcp-reset' },
        #"-p udp -j REJECT --reject-with icmp-port-unreachable",
        #"-p icmp -j REJECT --reject-with icmp-host-unreachable",
        #"-j REJECT --reject-with icmp-host-prohibited",
    ],
_______________________________________________
pve-devel mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
