mirror of https://github.com/tLDP/LDP
cosmetic update
parent
6fdcd39576
commit
c06e0c893a
|
@ -11542,7 +11542,12 @@ WIDTH="100%"
|
||||||
COLOR="#000000"
|
COLOR="#000000"
|
||||||
><PRE
|
><PRE
|
||||||
CLASS="SCREEN"
|
CLASS="SCREEN"
|
||||||
># nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept</PRE
|
># nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 1 accept
|
||||||
|
# nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 255 accept</PRE
|
||||||
></FONT
|
></FONT
|
||||||
></TD
|
></TD
|
||||||
></TR
|
></TR
|
||||||
|
@ -11613,8 +11618,10 @@ table ip6 filter {
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 1;
|
type filter hook input priority 1;
|
||||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
ip6 hoplimit 1 icmpv6 type
|
||||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
|
ip6 hoplimit 255 icmpv6 type
|
||||||
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
}
|
}
|
||||||
}</PRE
|
}</PRE
|
||||||
></FONT
|
></FONT
|
||||||
|
|
|
@ -12898,10 +12898,32 @@ Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit-
|
||||||
|
|
||||||
\begin_layout Code
|
\begin_layout Code
|
||||||
|
|
||||||
# nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-adv
|
# nft add rule ip6 filter input icmpv6 type
|
||||||
ert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter
|
\end_layout
|
||||||
input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert
|
|
||||||
} ip6 hoplimit 255 accept
|
\begin_layout Code
|
||||||
|
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
|
||||||
|
¬ ip6 hoplimit 1 accept
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
|
||||||
|
# nft add rule ip6 filter input icmpv6 type
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
|
||||||
|
¬ ip6 hoplimit 255 accept
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Standard
|
||||||
|
@ -13012,14 +13034,22 @@ table ip6 filter {
|
||||||
|
|
||||||
\begin_layout Code
|
\begin_layout Code
|
||||||
|
|
||||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit,
|
ip6 hoplimit 1 icmpv6 type
|
||||||
nd-router-advert} accept
|
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Code
|
\begin_layout Code
|
||||||
|
|
||||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit,
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
nd-router-advert} accept
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
|
||||||
|
ip6 hoplimit 255 icmpv6 type
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
|
||||||
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Code
|
\begin_layout Code
|
||||||
|
|
Binary file not shown.
|
@ -2003,7 +2003,12 @@ Chain intOUT (1 references)
|
||||||
<![CDATA[# nft add rule ip filter input icmp type { echo-request } counter accept
|
<![CDATA[# nft add rule ip filter input icmp type { echo-request } counter accept
|
||||||
# nft add rule ip6 filter input icmpv6 type echo-request counter accept
|
# nft add rule ip6 filter input icmpv6 type echo-request counter accept
|
||||||
]]></screen><para>Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit-Prüfung (erhöht die Sicherheit)</para><screen>
|
]]></screen><para>Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit-Prüfung (erhöht die Sicherheit)</para><screen>
|
||||||
<![CDATA[# nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept
|
<![CDATA[# nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 1 accept
|
||||||
|
# nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 255 accept
|
||||||
]]></screen><para>Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6 unter Nutzung der IP-Version unabhängigen Tabelle “inet”</para><screen>
|
]]></screen><para>Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6 unter Nutzung der IP-Version unabhängigen Tabelle “inet”</para><screen>
|
||||||
<![CDATA[# nft add rule inet filter input tcp dport 22 ct state new tcp flags \& \(syn \| ack\) == syn counter accept
|
<![CDATA[# nft add rule inet filter input tcp dport 22 ct state new tcp flags \& \(syn \| ack\) == syn counter accept
|
||||||
]]></screen></sect3><sect3>
|
]]></screen></sect3><sect3>
|
||||||
|
@ -2022,8 +2027,10 @@ table ip6 filter {
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 1;
|
type filter hook input priority 1;
|
||||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
ip6 hoplimit 1 icmpv6 type
|
||||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
|
ip6 hoplimit 255 icmpv6 type
|
||||||
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]]></screen><para>Tabelle für IP unabhängigen Filter</para><screen>
|
]]></screen><para>Tabelle für IP unabhängigen Filter</para><screen>
|
||||||
|
|
|
@ -11659,7 +11659,12 @@ WIDTH="100%"
|
||||||
COLOR="#000000"
|
COLOR="#000000"
|
||||||
><PRE
|
><PRE
|
||||||
CLASS="SCREEN"
|
CLASS="SCREEN"
|
||||||
># nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept</PRE
|
># nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 1 accept
|
||||||
|
# nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 255 accept</PRE
|
||||||
></FONT
|
></FONT
|
||||||
></TD
|
></TD
|
||||||
></TR
|
></TR
|
||||||
|
@ -11730,8 +11735,10 @@ table ip6 filter {
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 1;
|
type filter hook input priority 1;
|
||||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
ip6 hoplimit 1 icmpv6 type
|
||||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
|
ip6 hoplimit 255 icmpv6 type
|
||||||
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
}
|
}
|
||||||
}</PRE
|
}</PRE
|
||||||
></FONT
|
></FONT
|
||||||
|
|
File diff suppressed because it is too large
Binary file not shown.
|
@ -2010,7 +2010,12 @@ Chain intOUT (1 references)
|
||||||
<![CDATA[# nft add rule ip filter input icmp type { echo-request } counter accept
|
<![CDATA[# nft add rule ip filter input icmp type { echo-request } counter accept
|
||||||
# nft add rule ip6 filter input icmpv6 type echo-request counter accept
|
# nft add rule ip6 filter input icmpv6 type echo-request counter accept
|
||||||
]]></screen><para>Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit for security</para><screen>
|
]]></screen><para>Allow some important IPv6 ICMP traffic, without counter, but checking hop-limit for security</para><screen>
|
||||||
<![CDATA[# nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 1 accept # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } ip6 hoplimit 255 accept
|
<![CDATA[# nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 1 accept
|
||||||
|
# nft add rule ip6 filter input icmpv6 type
|
||||||
|
¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
|
||||||
|
¬ ip6 hoplimit 255 accept
|
||||||
]]></screen><para>Allow incoming SSH for IPv4 and IPv6, using therefore the IP version aware table “inet”</para><screen>
|
]]></screen><para>Allow incoming SSH for IPv4 and IPv6, using therefore the IP version aware table “inet”</para><screen>
|
||||||
<![CDATA[# nft add rule inet filter input tcp dport 22 ct state new tcp flags \& \(syn \| ack\) == syn counter accept
|
<![CDATA[# nft add rule inet filter input tcp dport 22 ct state new tcp flags \& \(syn \| ack\) == syn counter accept
|
||||||
]]></screen></sect3><sect3>
|
]]></screen></sect3><sect3>
|
||||||
|
@ -2029,8 +2034,10 @@ table ip6 filter {
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 1;
|
type filter hook input priority 1;
|
||||||
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
icmpv6 type echo-request counter packets 0 bytes 0 accept
|
||||||
ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
ip6 hoplimit 1 icmpv6 type
|
||||||
ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
|
ip6 hoplimit 255 icmpv6 type
|
||||||
|
¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]]></screen><para>Table for IP version aware filter</para><screen>
|
]]></screen><para>Table for IP version aware filter</para><screen>
|
||||||
|
|
|
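Review bot: The rewrapped rule ending in `ip6 hoplimit 1 accept` still accepts nd-neighbor-solicit, nd-router-advert and nd-neighbor-advert with a hop limit of 1, although the paragraph above it presents the hop-limit check as a security measure. RFC 4861 treats these neighbor discovery messages as valid only when they arrive with hop limit 255, because only that value shows the packet was not forwarded by a router; a match on 1 gives no such guarantee. I would drop the hoplimit 1 rule or add a sentence next to it such as `Only hop limit 255 shows that the packet originated on-link`. The same rule text is in the `table ip6 filter` listing of this section and in the German SGML, LyX and HTML sections. Separately, the new `¬` continuation marker means the commands can no longer be pasted as shown, and nothing in the visible text explains the marker.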
@ -26,7 +26,7 @@
|
||||||
# Known limitations:
|
# Known limitations:
|
||||||
# * Code lines containing LyX tags are currently not supported and skipped
|
# * Code lines containing LyX tags are currently not supported and skipped
|
||||||
|
|
||||||
my $lyx_format_supported = "345";
|
my $lyx_format_supported = "474";
|
||||||
|
|
||||||
sub print_long_line ($);
|
sub print_long_line ($);
|
||||||
|
|
||||||
|
|
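Review bot: The constant `$lyx_format_supported` changes from "345" to "474" in a commit titled "cosmetic update", and the line has no comment saying what the number refers to or why the old value was dropped. How the value is compared with the document's format header is outside this hunk, so it is unclear from here whether files in the older format are now rejected or whether the script was checked against the newer format. I would add a comment above the assignment such as `# LyX file format (\lyxformat header) this script was last verified against` and mention the bump in the commit message.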