summaryrefslogtreecommitdiff
path: root/global/overlay/etc/puppet/modules
diff options
context:
space:
mode:
Diffstat (limited to 'global/overlay/etc/puppet/modules')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp12
1 files changed, 12 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
index 9215c8f..c4622fa 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -6,4 +6,16 @@ define sunet::server() {
# Add prerequisites for ethernet bonding, if physical server
sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
+ # Ignore IPv6 multicast
+ ufw::deny { 'ignore_v6_multicast':
+ ip => 'ff02::1',
+ proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
+ }
+
+ # Ignore IPv6 multicast PIM router talk
+ ufw::deny { 'ignore_v6_multicast_PIM':
+ ip => 'ff02::d',
+ proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
+ }
+
}