From 1417c41e05a3afe79555950921c2bc6289bf02ea Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Thu, 29 May 2014 15:48:02 -0700
Subject: return instead of reject for multicast

---
 pkg/linux/bitmask-root | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index f1c5c0c3..83e85774 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -758,11 +758,11 @@ def firewall_start(args):
         # allow multicast Simple Service Discovery Protocol
         ip4tables("--insert", BITMASK_CHAIN,
                   "--protocol", "udp", "--destination", "239.255.255.250", "--dport", "1900",
-                  "-o", default_device, "--jump", "ACCEPT")
+                  "-o", default_device, "--jump", "RETURN")
         # allow multicast Bonjour/mDNS
         ip4tables("--insert", BITMASK_CHAIN,
                   "--protocol", "udp", "--destination", "224.0.0.251", "--dport", "5353",
-                  "-o", default_device, "--jump", "ACCEPT")
+                  "-o", default_device, "--jump", "RETURN")
     if local_network_ipv6:
         ip6tables("--insert", BITMASK_CHAIN,
                   "--destination", local_network_ipv6, "-o", default_device,
@@ -770,11 +770,11 @@ def firewall_start(args):
         # allow multicast Simple Service Discovery Protocol
         ip6tables("--insert", BITMASK_CHAIN,
                   "--protocol", "udp", "--destination", "FF05::C", "--dport", "1900",
-                  "-o", default_device, "--jump", "ACCEPT")
+                  "-o", default_device, "--jump", "RETURN")
         # allow multicast Bonjour/mDNS
         ip6tables("--insert", BITMASK_CHAIN,
                   "--protocol", "udp", "--destination", "FF02::FB", "--dport", "5353",
-                  "-o", default_device, "--jump", "ACCEPT")
+                  "-o", default_device, "--jump", "RETURN")
 
 
     # block DNS requests to anyone but the service provider or localhost
-- 
cgit v1.2.3