File tree Expand file tree Collapse file tree 1 file changed +3
-1
lines changed
Expand file tree Collapse file tree 1 file changed +3
-1
lines changed Original file line number Diff line number Diff line change @@ -2,21 +2,23 @@ FWD_START_TEST([rpfilter - strict])
22AT_KEYWORDS(rpfilter)
33CHECK_NFTABLES_FIB()
44
5+ AT_CHECK([sed -i 's/^LogDenied.*/LogDenied=multicast/' ./firewalld.conf])
56AT_CHECK([sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=strict/' ./firewalld.conf])
67FWD_RELOAD()
78
89NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl
910 table inet firewalld {
1011 chain filter_PREROUTING {
1112 icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
12- meta nfproto ipv6 fib saddr . mark . iif oif missing drop
13+ meta nfproto ipv6 fib saddr . mark . iif oif missing meta pkttype multicast log prefix "rpfilter_DROP: " drop
1314 }
1415 }
1516])
1617
1718IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl
1819 ACCEPT 58 -- ::/0 ::/0 ipv6-icmptype 134
1920 ACCEPT 58 -- ::/0 ::/0 ipv6-icmptype 135
21+ LOG 0 -- ::/0 ::/0 rpfilter validmark invert PKTTYPE = multicast LOG flags 0 level 4 prefix "rpfilter_DROP: "
2022 DROP 0 -- ::/0 ::/0 rpfilter validmark invert
2123 PREROUTING_direct 0 -- ::/0 ::/0
2224 PREROUTING_POLICIES 0 -- ::/0 ::/0
You can’t perform that action at this time.
0 commit comments