"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Samples6/Universal/interfaces.annotated" between
shorewall6-5.2.7.tar.bz2 and shorewall6-5.2.8.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

interfaces.annotated  (shorewall6-5.2.7.tar.bz2):interfaces.annotated  (shorewall6-5.2.8.tar.bz2)
skipping to change at line 376 skipping to change at line 376
# #
# nosmurfs # nosmurfs
# #
# IPv4 only. Filter packets for smurfs (packets with a broadcast address # IPv4 only. Filter packets for smurfs (packets with a broadcast address
# as the source). # as the source).
# #
# Smurfs will be optionally logged based on the setting of # Smurfs will be optionally logged based on the setting of
# SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are # SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are
# dropped. # dropped.
# #
# omitanycast
#
# IPv6 only. Added in Shorewall 5.2.8.
#
# Shorewall6 has traditionally generated rules for IPv6 anycast
# addresses. These rules include:
#
# a. Packets with these destination IP addresses are dropped by REJECT
# rules.
#
# b. Packets with these source IP addresses are dropped by the
# 'nosmurfs' interface option and by the 'dropSmurfs' action.
#
# c. Packets with these destination IP addresses are not logged during
# policy enforcement.
#
# d. Packets with these destination IP addresses are processes by the
# 'Broadcast' action.
#
# This can be inhibited for individual interfaces by specifying noanycas
t
# for those interfaces.
#
# Note
#
# RFC 2526 describes IPv6 subnet anycast addresses. The RFC makes a
# distinction between subnets with "IPv6 address types required to have
# 64-bit interface identifiers in EUI-64 format" and all other subnets.
# When generating these anycast addresses, the Shorewall compiler does
# not make this distinction and unconditionally assumes that the last 12
8
# addresses in the subnet are reserved as anycast addresses.
#
# optional # optional
# #
# This option indicates that the firewall should be able to start, even # This option indicates that the firewall should be able to start, even
# if the interface is not usable for handling traffic. It allows use of # if the interface is not usable for handling traffic. It allows use of
# the enable and disable commands on the interface. # the enable and disable commands on the interface.
# #
# When optional is specified for an interface, Shorewall will be silent # When optional is specified for an interface, Shorewall will be silent
# when: # when:
# #
# ☆ a /proc/sys/net/ipv[46]/conf/ entry for the interface cannot be # ☆ a /proc/sys/net/ipv[46]/conf/ entry for the interface cannot be
 End of changes. 1 change blocks. 
0 lines changed or deleted 33 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)