diff options
author | Fredrik Thulin <fredrik@thulin.net> | 2014-02-27 09:03:03 +0100 |
---|---|---|
committer | Fredrik Thulin <fredrik@thulin.net> | 2014-02-27 09:03:03 +0100 |
commit | cef1d1f2741e80c7eaa107bcbb23c0c7bb40234c (patch) | |
tree | 20e46d0f4b3e870937088e6bfe593c63906bc3ca | |
parent | a9a96696eee9cee87ef03ed7daf9df34bbc6c7b5 (diff) |
ignore some ipv6-icmpsunet-ops-2014-02-27-v01
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp index 9215c8f..c4622fa 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp @@ -6,4 +6,16 @@ define sunet::server() { # Add prerequisites for ethernet bonding, if physical server sunet::ethernet_bonding { 'sunet_ethernet_bonding': } + # Ignore IPv6 multicast + ufw::deny { 'ignore_v6_multicast': + ip => 'ff02::1', + proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :( + } + + # Ignore IPv6 multicast PIM router talk + ufw::deny { 'ignore_v6_multicast_PIM': + ip => 'ff02::d', + proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :( + } + } |