Looking on the net, the udp reject should be done with: -p udp -j REJECT --reject-with icmp6-adm-prohibited
----- Original message -----
From: "aderumier" <[email protected]>
To: "pve-devel" <[email protected]>
Sent: Monday 29 April 2019 11:48:32
Subject: [pve-devel] firewall : ipv6 reject not working for udp

Hi,

I'm currently testing firewall with ipv6, and it seems that default reject is not working with udp.

Looking at code, I see that comment on udp/icmp. Is it a bug?

    'PVEFW-reject' => [
        # same as shorewall 'reject'
        #{ action => 'DROP', dsttype => 'BROADCAST' },
        #{ action => 'DROP', source => '224.0.0.0/4' },
        { action => 'DROP', proto => 'icmpv6' },
        { match => '-p tcp', target => '-j REJECT --reject-with tcp-reset' },
        #"-p udp -j REJECT --reject-with icmp-port-unreachable",
        #"-p icmp -j REJECT --reject-with icmp-host-unreachable",
        #"-j REJECT --reject-with icmp-host-prohibited",
    ],

_______________________________________________
pve-devel mailing list
[email protected]
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
