ebtables-filter-mcast: Remove redundant allow-filter for hop-by-hop
ebtables actually skips any IPv6 extension headers like the hop-by-hop one. So this rule is actually void. The intend back then was to allow passing MLD messages into the mesh. Since extension headers are skipped, the general icmpv6 rule will actually match MLD messages. So the hop-by-hop rule is unnecessary, too. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
This commit is contained in:
parent
97879e80ad
commit
8e891b2cc4
@ -1,5 +1,3 @@
|
|||||||
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type echo-request -j DROP'
|
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type echo-request -j DROP'
|
||||||
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 139 -j DROP'
|
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 139 -j DROP'
|
||||||
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp -j RETURN'
|
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp -j RETURN'
|
||||||
|
|
||||||
rule 'MULTICAST_OUT -p IPv6 --ip6-protocol 0 -j RETURN' -- hop-by-hop
|
|
||||||
|
Loading…
Reference in New Issue
Block a user