On 03/02/2020 11:12, Kerin Millar wrote:
On 03/02/2020 10:56, ѽ҉ᶬḳ℠ wrote:
Appreciate if someone could be obliged and have a look at the below
ruleset and let me know where I am going wrong since ICMPv6 is being
(policy) dropped:
DROP_WAN_IN IN=pppoe-wan OUT= MAC=
SRC=fe80:0000:0000:0000:e2ac:f1ff:fe65:51ba
DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=224 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0
despite an accept statement
--- ruleset
table arp filter { # handle 141
chain input { # handle 1
type filter hook input priority filter; policy accept;
iif "eth2" drop # handle 3
}
chain output { # handle 2
type filter hook output priority filter; policy accept;
oif "eth2" drop # handle 4
}
}
table inet filter { # handle 142
chain input { # handle 1
type filter hook input priority filter; policy drop;
ct state established,related accept # handle 4
ct state invalid drop # handle 5
iif "lo" accept # handle 6
iif "br-lan" accept # handle 7
iif "lan0" accept # handle 8
iif "lan1" accept # handle 9
iif "lan2" accept # handle 10
iif "lan3" accept # handle 11
iif "lan4" accept # handle 12
log prefix "DROP_WAN_IN " # handle 13
}
}
table ip6 filter { # handle 145
chain input { # handle 1
This particular chain is not hooked.
Re-posting the above as I accidentally replied off-list.
--
Kerin Millar
