From 85f9ea46bbce68c1c8484910281732586151aa59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?= Date: Fri, 4 Sep 2015 14:03:33 +0200 Subject: [PATCH] =?UTF-8?q?Essai=20de=20pr=C3=A9cision=20de=20reject=20pou?= =?UTF-8?q?r=20le=20/32=20de=20google?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gestion/gen_confs/firewall6.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gestion/gen_confs/firewall6.py b/gestion/gen_confs/firewall6.py index 7346f35c..c33354ab 100755 --- a/gestion/gen_confs/firewall6.py +++ b/gestion/gen_confs/firewall6.py @@ -136,7 +136,7 @@ def main_router(): ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_ip6 ) # On force le /32 de google à passer en ipv4 pour tester si ça soulage le tunnel ipv6 - ip6tables.filter.forward('-o %s -p tcp -d 2a00:1450:4006::/32 -j REJECT' % dev_ip6) + ip6tables.filter.forward('-o %s -p tcp -d 2a00:1450:4006::/32 -j REJECT --reject-with icmp6-addr-unreachable' % dev_ip6) # Ipv6 sur évènementiel, on ne laisse sortir que si ça vient de la mac d'ytrap-llatsni ip6tables.filter.forward('-o %s -d 2a01:240:fe3d:d2::/64 -j ACCEPT' % dev_crans)