HEX
Server: Apache/2.4.65 (Debian)
System: Linux web6 5.10.0-36-amd64 #1 SMP Debian 5.10.244-1 (2025-09-29) x86_64
User: innocamp (1028)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /usr/share/shorewall/
Upload Files
File: //usr/share/shorewall/action.AllowICMPs
#
# Shorewall -- /usr/share/shorewall/action.AllowICMPs
#
# This action ACCEPTs needed ICMP types.
#
###############################################################################
#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER

DEFAULTS ACCEPT

?if __IPV4
    @1	-	-	icmp	fragmentation-needed	{comment="Needed ICMP types"}
    @1	-	-	icmp	time-exceeded		{comment="Needed ICMP types"}
?else
?COMMENT Needed ICMP types (RFC4890)
    @1	-		-	ipv6-icmp	destination-unreachable
    @1	-		-	ipv6-icmp	packet-too-big
    @1	-		-	ipv6-icmp	time-exceeded
    @1	-		-	ipv6-icmp	parameter-problem

# The following should have a ttl of 255 and must be allowed to transit a bridge
    @1	-		-	ipv6-icmp	router-solicitation
    @1	-		-	ipv6-icmp	router-advertisement
    @1	-		-	ipv6-icmp	neighbour-solicitation
    @1	-		-	ipv6-icmp	neighbour-advertisement
    @1	-		-	ipv6-icmp	137	# Redirect
    @1	-		-	ipv6-icmp	141	# Inverse neighbour discovery solicitation
    @1	-		-	ipv6-icmp	142	# Inverse neighbour discovery advertisement

# The following should have a link local source address and must be allowed to transit a bridge
    @1	fe80::/10	-	ipv6-icmp	130	# Listener query
    @1	fe80::/10	-	ipv6-icmp	131	# Listener report
    @1	fe80::/10	-	ipv6-icmp	132	# Listener done
    @1	fe80::/10	-	ipv6-icmp	143	# Listener report v2

# The following should be received with a ttl of 255 and must be allowed to transit a bridge
    @1	-		-	ipv6-icmp	148	# Certificate path solicitation
    @1	-		-	ipv6-icmp	149	# Certificate path advertisement

# The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
    @1	fe80::/10	-	ipv6-icmp	151	# Multicast router advertisement
    @1	fe80::/10	-	ipv6-icmp	152	# Multicast router solicitation
    @1	fe80::/10	-	ipv6-icmp	153	# Multicast router termination
?endif
@ Telegram