~alpine/users

awall question: where do logreject-* and ipv6-icmp rules come from?

W. Michael Petullo <mike@flyn.org>
Details
Message ID
<ZbPwR19SXFktVTNp@imp.flyn.org>
DKIM signature
missing
Download raw message
3 months ago 
I use awall on Alpine, and I am confused as to the origin of two firewall
rules, both in the input and output chain. Here they are, as displayed by
"ip6tables -L -v":

Chain INPUT (policy DROP 0 packets, 0 bytes)
 [...]
 3  168  ACCEPT      ipv6-icmp -- any any anywhere anywhere
 96 6082 logreject-1 all       -- any any anywhere anywhere

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 [...]
 16 1312 ACCEPT      ipv6-icmp -- any any anywhere anywhere            
 21 2556 logreject-0 all       -- any any anywhere anywhere

I want to restrict ICMPv6 (using the policy of drop), but the first of
the rules listed for each chain seems to undermine that. Grepping around
my Alpine filesystem has not indicated where these rules come from. I
don't think they result from the configuration I have in /etc/awall.

-- 
Mike

:wq
Reply to thread Export thread (mbox)