[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] XCP 1.5 antifspoofing rules



I want to say, that icmp drop prior to 'drop all' simply meanless:

drop icmp=134
drop icmp=135
drop all

icmp will be dropped anyway.


On 30 November 2012 22:35, Ben Pfaff <blp@xxxxxxxxxxxxxxx> wrote:
George Shuklin <george.shuklin@xxxxxxxxx>
writes:

> 1) Why those strange 'icmp_type=X actions=drop' before 'drop all'?

I can't answer the overall question here but I'll point out that
those match on the IPv6 equivalent of ARP.


_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.