Closed gaudenz closed 7 years ago
The template for rules of type "reject" contains a rule to reject all other protocols (not tcp or udp) for IPv4:
@if @eq($DOMAIN, ip) { REJECT reject-with icmp-proto-unreachable; }
A similar rule for IPv6 is missing. If there is no default policy or other rule to block other IPv6 protocols this traffic is let through. I suggest adding something like this:
@if @eq($DOMAIN, ip6) { REJECT reject-with adm-prohibited; }
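
A parity check for the gap described above, as an added example that is not part of the original report or of the project: it compares `iptables-save` and `ip6tables-save` output and lists chains that carry a protocol-independent REJECT rule for IPv4 but not for IPv6. The chain name `svc_reject` and all rule dumps are constructed sample data, and the check looks only at per-chain rules, so a default policy or a blocking rule in another chain is not taken into account.

```python
import shlex

# Constructed sample dumps (not taken from a real host).
V4_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:svc_reject - [0:0]
-A INPUT -j svc_reject
-A svc_reject -p tcp -j REJECT --reject-with tcp-reset
-A svc_reject -p udp -j REJECT --reject-with icmp-port-unreachable
-A svc_reject -j REJECT --reject-with icmp-proto-unreachable
COMMIT
"""
V6_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:svc_reject - [0:0]
-A INPUT -j svc_reject
-A svc_reject -p tcp -j REJECT --reject-with tcp-reset
-A svc_reject -p udp -j REJECT --reject-with icmp6-port-unreachable
COMMIT
"""
# Same IPv6 dump with a catch-all reject appended (constructed).
V6_FIXED = V6_SAVE.replace(
    "COMMIT", "-A svc_reject -j REJECT --reject-with icmp6-adm-prohibited\nCOMMIT")


def catchall_reject_chains(save_output):
    """Return {(table, chain)} holding a REJECT rule with no protocol match."""
    chains, table = set(), None
    for line in save_output.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
        elif line.startswith("-A "):      # appended rule: -A <chain> ...
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if target == "REJECT" and "-p" not in tok:
                chains.add((table, tok[1]))
    return chains


def missing_ipv6_catchall(v4_save, v6_save):
    """Chains whose IPv4 rules reject other protocols but IPv6 rules do not."""
    return sorted(catchall_reject_chains(v4_save) - catchall_reject_chains(v6_save))


if __name__ == "__main__":
    for table, chain in missing_ipv6_catchall(V4_SAVE, V6_SAVE):
        print(f"{table}/{chain}: no protocol-independent REJECT for IPv6")
```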