run ip6tables -A check-icmp -p icmpv6 --icmpv6-type $type -j RETURN
done
-## Certainly don't allow ping to broadcast or multicast addresses.
-case $forward in
- 1)
- run iptables -A FORWARD -g forbidden \
- -p icmp --icmp-type echo-request \
- -m addrtype --dst-type BROADCAST
- run iptables -A FORWARD -g forbidden \
- -p icmp --icmp-type echo-request \
- -d 224.0.0.0/8
- run ip6tables -A FORWARD -g forbidden \
- -p icmpv6 --icmpv6-type echo-request \
- -d ff00::/16
- ;;
-esac
-
m4_divert(58)m4_dnl
## Other ICMP is basically benign, we claim.
run ip46tables -A check-icmp -j ACCEPT
## Done.
-for i in $inchains; do run ip46tables -A $i -p icmp -j check-icmp; done
+for i in $inchains; do
+ run iptables -A $i -p icmp -j check-icmp
+ run ip6tables -A $i -p icmpv6 -j check-icmp
+done
m4_divert(-1)
###----- That's all, folks --------------------------------------------------