mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 10:12:53 +01:00
Merge pull request #11496 from Security-Onion-Solutions/fix/ping
accept icmp on input chain
This commit is contained in:
Josh Patterson
GitHub
@@ -89,7 +89,6 @@ COMMIT
|
|||||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
-A INPUT -i lo -j ACCEPT
|
-A INPUT -i lo -j ACCEPT
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
|
||||||
-A INPUT -p icmp -j ACCEPT
|
-A INPUT -p icmp -j ACCEPT
|
||||||
-A INPUT -j LOGGING
|
-A INPUT -j LOGGING
|
||||||
-A FORWARD -j DOCKER-USER
|
-A FORWARD -j DOCKER-USER
|
||||||
@@ -103,6 +102,7 @@ COMMIT
|
|||||||
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
||||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||||
-A OUTPUT -o lo -j ACCEPT
|
-A OUTPUT -o lo -j ACCEPT
|
||||||
|
# block icmp timestamp reply
|
||||||
-A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP
|
-A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP
|
||||||
|
|
||||||
{%- for rule in D2 %}
|
{%- for rule in D2 %}
|
||||||
|
|||||||
Reference in New Issue
Block a user