summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2014-05-29 15:48:02 -0700
committerelijah <elijah@riseup.net>2014-05-29 15:48:02 -0700
commit1417c41e05a3afe79555950921c2bc6289bf02ea (patch)
tree69994680c7ecd8432b7fd047ee4172eeac9a0848
parent1ef424fcd34d1f3800ffd200be72d775be5a9740 (diff)
return instead of reject for multicast
-rwxr-xr-xpkg/linux/bitmask-root8
1 files changed, 4 insertions, 4 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index f1c5c0c3..83e85774 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -758,11 +758,11 @@ def firewall_start(args):
# allow multicast Simple Service Discovery Protocol
ip4tables("--insert", BITMASK_CHAIN,
"--protocol", "udp", "--destination", "239.255.255.250", "--dport", "1900",
- "-o", default_device, "--jump", "ACCEPT")
+ "-o", default_device, "--jump", "RETURN")
# allow multicast Bonjour/mDNS
ip4tables("--insert", BITMASK_CHAIN,
"--protocol", "udp", "--destination", "224.0.0.251", "--dport", "5353",
- "-o", default_device, "--jump", "ACCEPT")
+ "-o", default_device, "--jump", "RETURN")
if local_network_ipv6:
ip6tables("--insert", BITMASK_CHAIN,
"--destination", local_network_ipv6, "-o", default_device,
@@ -770,11 +770,11 @@ def firewall_start(args):
# allow multicast Simple Service Discovery Protocol
ip6tables("--insert", BITMASK_CHAIN,
"--protocol", "udp", "--destination", "FF05::C", "--dport", "1900",
- "-o", default_device, "--jump", "ACCEPT")
+ "-o", default_device, "--jump", "RETURN")
# allow multicast Bonjour/mDNS
ip6tables("--insert", BITMASK_CHAIN,
"--protocol", "udp", "--destination", "FF02::FB", "--dport", "5353",
- "-o", default_device, "--jump", "ACCEPT")
+ "-o", default_device, "--jump", "RETURN")
# block DNS requests to anyone but the service provider or localhost