From 1e62621fcc45b3cebe627b01ddf0ecbc452f5b29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?=
Date: Sat, 6 Jun 2015 01:16:59 +0200
Subject: [PATCH] En v6 aussi, on met un ttl faible pour le forwarding
---
 gestion/gen_confs/firewall6.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gestion/gen_confs/firewall6.py b/gestion/gen_confs/firewall6.py
index 40a3c911..ec5ce83e 100755
--- a/gestion/gen_confs/firewall6.py
+++ b/gestion/gen_confs/firewall6.py
@@ -61,7 +61,7 @@ def ports(dev_ip6, dev_list):
 # http://netfilter.org/projects/iptables/files/changes-iptables-1.4.3.txt
 ip6tables.filter.forward('-i %s -p tcp --dport ssh -m state --state NEW -m recent --name SSH --set ' % dev_ip6)
- ip6tables.filter.forward('-i %s -p tcp --dport ssh -m state --state NEW -m recent --name SSH --update --seconds 120 --hitcount 10 --rttl -j DROP' % dev_ip6)
+ ip6tables.filter.forward('-i %s -p tcp --dport ssh -m state --state NEW -m recent --name SSH --update --seconds 30 --hitcount 10 --rttl -j DROP' % dev_ip6)
 ip6tables.filter.input('-i %s -p tcp --dport ssh -m state --state NEW -m recent --name SSH --set ' % dev_ip6)
 ip6tables.filter.input('-i %s -p tcp --dport ssh -m state --state NEW -m recent --name SSH --update --seconds 120 --hitcount 10 --rttl -j DROP' % dev_ip6)
 #ip6tables.filter.forward('-i %s -p tcp --dport ssh -m state --state NEW -j ACCEPT' % dev_ip6)
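Review bot: The forward rule now uses `--seconds 30` while the input rule two lines below keeps `--seconds 120`, yet both chains still record into the same `recent` list (`--name SSH`). New SSH connections forwarded for a source therefore keep counting toward the stricter input check for that same address, so the two limits are not independent. If they are meant to be, give the forward `--set`/`--update` pair its own list, for example `--name SSH_FWD` (a constructed name). The shorter window also lets one source open roughly four times as many new forwarded SSH connections per unit of time before being dropped, and the code does not say why; a comment above the forward pair such as `# forward: 30 s window (input stays at 120 s)`, followed by the reason, would record the intent. The body of `ports` starts and ends outside the hunk.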