diff options
author | elijah <elijah@riseup.net> | 2014-05-29 15:48:02 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-05-29 15:48:02 -0700 |
commit | 1417c41e05a3afe79555950921c2bc6289bf02ea (patch) | |
tree | 69994680c7ecd8432b7fd047ee4172eeac9a0848 /pkg | |
parent | 1ef424fcd34d1f3800ffd200be72d775be5a9740 (diff) |
return instead of reject for multicast
Diffstat (limited to 'pkg')
-rwxr-xr-x | pkg/linux/bitmask-root | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index f1c5c0c3..83e85774 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -758,11 +758,11 @@ def firewall_start(args): # allow multicast Simple Service Discovery Protocol ip4tables("--insert", BITMASK_CHAIN, "--protocol", "udp", "--destination", "239.255.255.250", "--dport", "1900", - "-o", default_device, "--jump", "ACCEPT") + "-o", default_device, "--jump", "RETURN") # allow multicast Bonjour/mDNS ip4tables("--insert", BITMASK_CHAIN, "--protocol", "udp", "--destination", "224.0.0.251", "--dport", "5353", - "-o", default_device, "--jump", "ACCEPT") + "-o", default_device, "--jump", "RETURN") if local_network_ipv6: ip6tables("--insert", BITMASK_CHAIN, "--destination", local_network_ipv6, "-o", default_device, @@ -770,11 +770,11 @@ def firewall_start(args): # allow multicast Simple Service Discovery Protocol ip6tables("--insert", BITMASK_CHAIN, "--protocol", "udp", "--destination", "FF05::C", "--dport", "1900", - "-o", default_device, "--jump", "ACCEPT") + "-o", default_device, "--jump", "RETURN") # allow multicast Bonjour/mDNS ip6tables("--insert", BITMASK_CHAIN, "--protocol", "udp", "--destination", "FF02::FB", "--dport", "5353", - "-o", default_device, "--jump", "ACCEPT") + "-o", default_device, "--jump", "RETURN") # block DNS requests to anyone but the service provider or localhost |