Update: oops! don't block unicasts by default

Whoops, I overlooked that unicast was the name for the normal, expected, behavior of standard point to point network connections.

diff --git a/level_3/firewall/data/settings/firewall-first b/level_3/firewall/data/settings/firewall-first
index 5db789b29c5f95841ffa9439a91268870b33255a..788de35308c80ec9d86e35ca0d11bad0af946870 100644 (file)
--- a/level_3/firewall/data/settings/firewall-first
+++ b/level_3/firewall/data/settings/firewall-first
@@ -44,14 +44,15 @@ main:
 
 
   # Drop multicasts and broadcasts, they should not exist for a router and in most cases should be avoided.
+  # unicasts are the normal behavior and blocking them would be very unusual.
   direction output
   rule -m pkttype --pkt-type broadcast -j output-casting
   rule -m pkttype --pkt-type multicast -j output-casting
-  rule -m pkttype --pkt-type unicast -j output-casting
+  #rule -m pkttype --pkt-type unicast -j output-casting
   direction input
   rule -m pkttype --pkt-type broadcast -j input-casting
   rule -m pkttype --pkt-type multicast -j input-casting
-  rule -m pkttype --pkt-type unicast -j input-casting
+  #rule -m pkttype --pkt-type unicast -j input-casting
 
 
   # Allow ALL input&output connections that have already been established by this host (using conntrack might be more efficient)