Mercurial > mbse-firewall / file revision

• file
• latest
• revisions
• annotate
• diff
• comparison
• raw

etc/nfacct.conf.example@92045b0e8e17

etc/nfacct.conf.example

Thu, 18 Dec 2014 16:56:55 +0100

author

Michiel Broek <mbroek@mbse.eu>

date

Thu, 18 Dec 2014 16:56:55 +0100

changeset 4

92045b0e8e17

parent 2

7c794ae9f4de

permissions

-rw-r--r--

ipset now adds the hostname to the blocklists so that the firewall scripts works on hosts and Linux Container clients without conflicts. The ipset tables are visible on the host and in the lxc clients. Then, silently drop icmpv6 router sollicitaion and neighbour sollicitation messages that come in with the hoplimit field not set to 255. Some Windows systems do this. Version 0.0.16

# /etc/mbse-firewall/conf.d/nfacct.conf
#
# List with netfilter accounting objects.
#
# This file is loaded with the following commands: install or start.
# Comments begin with a # and can be placed behind entries too.
#
ipv4.in			# ipv4 input traffic
ipv4.http		# ipv4 webserver traffic