debops / ansible-ferm

Manage iptables firewall using ferm
GNU General Public License v3.0

Reject other IPv6 protocols in reject rules #107

Closed gaudenz closed 7 years ago

gaudenz commented 7 years ago

Reject rules have let through protocols other than TCP or UDP for IPv6. These were already rejected for IPv4. This commit adds a similar rule for IPv6 which rejects with adm-prohibited.

Fixes #105.

gaudenz commented 7 years ago

After thinking of this a bit more I changed the reject type from adm-prohibited to the default of icmp6-port-unreachable.
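The shape of the rules under discussion, as an added illustration and not the role's own templates: a per-protocol reject section for IPv4 and the matching IPv6 section, ending with the catch-all reject for non-TCP/UDP traffic that the pull request adds. The chain layout, the `dport 22` rule and the IPv4 `icmp-host-prohibited` type are assumptions for the example; the IPv6 reject type is the `icmp6-port-unreachable` settled on above.

```ferm
# Added example, not part of debops/ansible-ferm. Chain layout, accepted
# ports and the IPv4 reject type are illustrative assumptions.

domain ip table filter chain INPUT {
    policy DROP;

    # keep loopback and already-established flows working
    interface lo ACCEPT;
    mod state state (ESTABLISHED RELATED) ACCEPT;

    proto tcp dport 22 ACCEPT;

    # explicit rejects per transport protocol
    proto tcp REJECT reject-with tcp-reset;
    proto udp REJECT reject-with icmp-port-unreachable;

    # catch-all for everything else (ESP, GRE, SCTP, ...); assumed type
    REJECT reject-with icmp-host-prohibited;
}

domain ip6 table filter chain INPUT {
    policy DROP;

    interface lo ACCEPT;
    mod state state (ESTABLISHED RELATED) ACCEPT;

    # ICMPv6 must be allowed before the catch-all reject below, otherwise
    # neighbour discovery and path MTU discovery break
    proto ipv6-icmp ACCEPT;

    proto tcp dport 22 ACCEPT;

    proto tcp REJECT reject-with tcp-reset;
    proto udp REJECT reject-with icmp6-port-unreachable;

    # the rule this pull request adds: without it, non-TCP/UDP IPv6 traffic
    # was not caught by the reject rules. icmp6-port-unreachable is the
    # ip6tables default (RFC 4443 code 4); icmp6-adm-prohibited (code 1)
    # was the first version.
    REJECT reject-with icmp6-port-unreachable;
}
```

The order matters: the `proto ipv6-icmp ACCEPT` line has to precede the final `REJECT`, since a catch-all reject placed before it would also answer ICMPv6 and break basic IPv6 connectivity on the host. Check the generated rules with `ferm -n -l /etc/ferm/ferm.conf` (dry run) before applying.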

subsecond commented 7 years ago

ICMPv6 destination unreachable code icmp6-adm-prohibited "matches" ICMPv4 destination unreachable code icmp-host-prohibited. According to RFC4443 [1] we should be using code 4 instead:

A destination node SHOULD originate a Destination Unreachable message with Code 4 in response to a packet for which the transport protocol (e.g., UDP) has no listener, if that transport protocol has no alternative means to inform the sender.

Code 4 is port unreachable and, IMHO, the default code used in an ip6tables REJECT statement.

[1] https://tools.ietf.org/html/rfc4443#section-3.1

subsecond commented 7 years ago

Sorry, was a bit late with my remark. Thanks for changing the reject type!