Thu, 18 Dec 2014 16:56:55 +0100
ipset now adds the hostname to the blocklists so that the firewall scripts works on hosts and Linux Container clients without conflicts. The ipset tables are visible on the host and in the lxc clients. Then, silently drop icmpv6 router sollicitaion and neighbour sollicitation messages that come in with the hoplimit field not set to 255. Some Windows systems do this. Version 0.0.16
0 | 1 | # /etc/mbse-firewall/conf.d/blocklist6.conf |
2 | # | |
3 | # List with blocked IPv6 networks. All entries must be in address/netmask | |
4 | # format because blocking individual IPv6 addresses is useless. Block at | |
5 | # least a /64 network. | |
6 | # | |
7 | # 2001:DB8:dead:beef::/64 | |
8 | # | |
9 | # This file is loaded with the following commands: install or reload. | |
10 | # Comments begin with a # and can be placed behind entries too. | |
11 | # | |
12 | 2001:DB8:dead:beef::/64 # comment | |
13 | 2001:DB8:c0:ffee::/64 | |
14 | 2001:db8:daed::/48 | |
15 |