From cef1d1f2741e80c7eaa107bcbb23c0c7bb40234c Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 27 Feb 2014 09:03:03 +0100 Subject: ignore some ipv6-icmp --- global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/server.pp') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp index 9215c8f..c4622fa 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp @@ -6,4 +6,16 @@ define sunet::server() { # Add prerequisites for ethernet bonding, if physical server sunet::ethernet_bonding { 'sunet_ethernet_bonding': } + # Ignore IPv6 multicast + ufw::deny { 'ignore_v6_multicast': + ip => 'ff02::1', + proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :( + } + + # Ignore IPv6 multicast PIM router talk + ufw::deny { 'ignore_v6_multicast_PIM': + ip => 'ff02::d', + proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :( + } + } -- cgit v1.1