cosmetic update
parent
6fdcd39576
commit
c06e0c893a
|
@ -11542,7 +11542,12 @@ WIDTH="100%"
|
|||
COLOR="#000000"
|
||||
><PRE
|
||||
CLASS="SCREEN"
|
||||
># nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept</PRE
|
||||
># nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 1 accept
|
||||
# nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 255 accept</PRE
|
||||
></FONT
|
||||
></TD
|
||||
></TR
|
||||
|
@ -11613,8 +11618,10 @@ table ip6 filter {
|
|||
chain input {
|
||||
type filter hook input priority 1;
|
||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 1 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
}
|
||||
}</PRE
|
||||
></FONT
|
||||
|
|
|
@ -12898,10 +12898,32 @@ Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit-
|
|||
|
||||
\begin_layout Code
|
||||
|
||||
# nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-adv
|
||||
ert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter
|
||||
input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert
|
||||
} ip6 hoplimit 255 accept
|
||||
# nft add rule ip6 filter input icmpv6 type
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
¬ ip6 hoplimit 1 accept
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
# nft add rule ip6 filter input icmpv6 type
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
¬ ip6 hoplimit 255 accept
|
||||
\end_layout
|
||||
|
||||
\begin_layout Standard
|
||||
|
@ -13012,14 +13034,22 @@ table ip6 filter {
|
|||
|
||||
\begin_layout Code
|
||||
|
||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit,
|
||||
nd-router-advert} accept
|
||||
ip6 hoplimit 1 icmpv6 type
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit,
|
||||
nd-router-advert} accept
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
ip6 hoplimit 255 icmpv6 type
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
|
||||
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
\end_layout
|
||||
|
||||
\begin_layout Code
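Review bot: The re-wrapped listing in the first hunk of this section still accepts `nd-neighbor-solicit`, `nd-router-advert` and `nd-neighbor-advert` with `ip6 hoplimit 1`, which undoes the hop-limit check that the paragraph above it presents as a security gain. RFC 4861 has senders use hop limit 255 for these Neighbor Discovery messages and receivers discard any other value, because 255 on arrival shows the packet was not forwarded by a router; hop limit 1 is what MLD uses, not ND. I would drop the `hoplimit 1` rule and keep only the one ending in `¬ ip6 hoplimit 255 accept`, or add a sentence saying why 1 is allowed; the same rules appear in the `table ip6 filter` listing of the second hunk and in the HTML and SGML sections on this page. Separately, `¬` is not nft syntax, so unless the HOWTO explains the marker elsewhere, a short remark that it only marks a wrapped line and must be removed before pasting would help.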
|
||||
|
|
Binary file not shown.
|
@ -2003,7 +2003,12 @@ Chain intOUT (1 references)
|
|||
<![CDATA[# nft add rule ip filter input icmp type { echo-request } counter accept
|
||||
# nft add rule ip6 filter input icmpv6 type echo-request counter accept
|
||||
]]></screen><para>Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit-Prüfung (erhöht die Sicherheit)</para><screen>
|
||||
<![CDATA[# nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept
|
||||
<![CDATA[# nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 1 accept
|
||||
# nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 255 accept
|
||||
]]></screen><para>Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6 unter Nutzung der IP-Version unabhängigen Tabelle “inet”</para><screen>
|
||||
<![CDATA[# nft add rule inet filter input tcp dport 22 ct state new tcp flags \& \(syn \| ack\) == syn counter accept
|
||||
]]></screen></sect3><sect3>
|
||||
|
@ -2022,8 +2027,10 @@ table ip6 filter {
|
|||
chain input {
|
||||
type filter hook input priority 1;
|
||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 1 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
}
|
||||
}
|
||||
]]></screen><para>Tabelle für IP unabhängigen Filter</para><screen>
|
||||
|
|
|
@ -11659,7 +11659,12 @@ WIDTH="100%"
|
|||
COLOR="#000000"
|
||||
><PRE
|
||||
CLASS="SCREEN"
|
||||
># nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept</PRE
|
||||
># nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 1 accept
|
||||
# nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 255 accept</PRE
|
||||
></FONT
|
||||
></TD
|
||||
></TR
|
||||
|
@ -11730,8 +11735,10 @@ table ip6 filter {
|
|||
chain input {
|
||||
type filter hook input priority 1;
|
||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 1 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
}
|
||||
}</PRE
|
||||
></FONT
|
||||
|
|
File diff suppressed because it is too large
Binary file not shown.
|
@ -2010,7 +2010,12 @@ Chain intOUT (1 references)
|
|||
<![CDATA[# nft add rule ip filter input icmp type { echo-request } counter accept
|
||||
# nft add rule ip6 filter input icmpv6 type echo-request counter accept
|
||||
]]></screen><para>Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit for security</para><screen>
|
||||
<![CDATA[# nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept
|
||||
<![CDATA[# nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 1 accept
|
||||
# nft add rule ip6 filter input icmpv6 type
|
||||
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||
¬ ip6 hoplimit 255 accept
|
||||
]]></screen><para>Allow incoming SSH for IPv4 and IPv6, using therefore the IP version aware table “inet”</para><screen>
|
||||
<![CDATA[# nft add rule inet filter input tcp dport 22 ct state new tcp flags \& \(syn \| ack\) == syn counter accept
|
||||
]]></screen></sect3><sect3>
|
||||
|
@ -2029,8 +2034,10 @@ table ip6 filter {
|
|||
chain input {
|
||||
type filter hook input priority 1;
|
||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 1 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
ip6 hoplimit 255 icmpv6 type
|
||||
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||
}
|
||||
}
|
||||
]]></screen><para>Table for IP version aware filter</para><screen>
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
# Known limitations:
|
||||
# * Code lines containing LyX tags are currently not supported and skipped
|
||||
|
||||
my $lyx_format_supported = "345";
|
||||
my $lyx_format_supported = "474";
|
||||
|
||||
sub print_long_line ($);
|
||||
|
||||
|
|