mirror of
https://github.com/slackhq/nebula.git
synced 2026-06-30 18:40:29 +02:00
add IPv6 reject packet generation (#1766)
* add IPv6 reject packet generation (ICMPv6 Destination Unreachable and TCP RST) * use ICMPv6 code 1 (administratively prohibited) and cap body at 1000 bytes * cleanup, use ICMP error code 13 for ipv4 * better docs * cleanup
This commit is contained in:
+1
-1
@@ -397,7 +397,7 @@ firewall:
|
||||
# `drop` (default): silently drop the packet.
|
||||
# `reject`: send a reject reply.
|
||||
# - For TCP, this will be a RST "Connection Reset" packet.
|
||||
# - For other protocols, this will be an ICMP port unreachable packet.
|
||||
# - For other protocols, this will be an ICMP "Destination unreachable: Communication administratively prohibited" packet.
|
||||
outbound_action: drop
|
||||
inbound_action: drop
|
||||
|
||||
|
||||
Reference in New Issue
Block a user