bookends.m4: Allow responding to broadcast and multicast ping.

[firewall] / bookends.m4

diff --git a/bookends.m4 b/bookends.m4
index 6ba28274aa7a527db03803763cfb1a5d3cb6263f..495e95a76e89667d5c1a5190281df0777d1e7147 100644 (file)
--- a/bookends.m4
+++ b/bookends.m4
@@ -52,6 +52,9 @@ setopt ip_local_port_range $open_port_min $open_port_max
 ## Deploy SYN-cookies if necessary.
 setopt tcp_syncookies 1
 
+## Allow broadcast and multicast ping, because it's a useful diagnostic tool.
+setopt icmp_echo_ignore_broadcasts 0
+
 ## Turn off iptables filtering for bridges.  We'll use ebtables if we need
 ## to; but right now the model is that we do filtering at the borders, and
 ## are tolerant of things which are local.