nightmorph 06/11/01 07:06:55 Modified: shb-firewalls.xml Log: slightly tweaked icmp section of firewall script example per bug 148015
Revision Changes Path 1.5 xml/htdocs/doc/en/security/shb-firewalls.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-firewalls.xml?rev=1.5&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-firewalls.xml?rev=1.5&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-firewalls.xml?r1=1.4&r2=1.5 Index: shb-firewalls.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-firewalls.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- shb-firewalls.xml 18 Sep 2006 09:22:48 -0000 1.4 +++ shb-firewalls.xml 1 Nov 2006 07:06:54 -0000 1.5 @@ -1,5 +1,5 @@ <?xml version='1.0' encoding='UTF-8'?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-firewalls.xml,v 1.4 2006/09/18 09:22:48 neysx Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-firewalls.xml,v 1.5 2006/11/01 07:06:54 nightmorph Exp $ --> <!DOCTYPE sections SYSTEM "/dtd/book.dtd"> <!-- The content of this document is licensed under the CC-BY-SA license --> @@ -7,8 +7,8 @@ <sections> -<version>1.1</version> -<date>2005-10-16</date> +<version>1.2</version> +<date>2006-10-31</date> <section> <title>A firewall</title> @@ -695,7 +695,7 @@ # Apply and add invalid states to the chains einfo "Applying chains to INPUT" $IPTABLES -A INPUT -m state --state INVALID -j DROP - $IPTABLES -A INPUT -j icmp_allowed + $IPTABLES -A INPUT -p icmp -j icmp_allowed $IPTABLES -A INPUT -j check-flags $IPTABLES -A INPUT -i lo -j ACCEPT $IPTABLES -A INPUT -j allow-ssh-traffic-in @@ -703,7 +703,7 @@ einfo "Applying chains to FORWARD" $IPTABLES -A FORWARD -m state --state INVALID -j DROP - $IPTABLES -A FORWARD -j icmp_allowed + $IPTABLES -A FORWARD -p icmp -j icmp_allowed $IPTABLES -A FORWARD -j check-flags $IPTABLES -A FORWARD -o lo -j ACCEPT $IPTABLES -A FORWARD -j allow-ssh-traffic-in @@ -712,7 +712,7 @@ einfo "Applying chains to OUTPUT" $IPTABLES -A OUTPUT -m state --state INVALID -j DROP - $IPTABLES -A OUTPUT -j icmp_allowed + $IPTABLES -A OUTPUT -p icmp -j icmp_allowed $IPTABLES -A OUTPUT -j check-flags $IPTABLES -A OUTPUT -o lo -j ACCEPT $IPTABLES -A OUTPUT -j allow-ssh-traffic-out -- [email protected] mailing list
