From: Kevin Day Date: Wed, 14 Jan 2015 04:57:48 +0000 (-0600) Subject: Update: oops! don't block unicasts by default X-Git-Tag: 0.4.2~6 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=baf947253ea4c9c59864542ca7e22b96f8b1c5d8;p=fll Update: oops! don't block unicasts by default Whoops, I overlooked that unicast was the name for the normal, expected, behavior of standard point to point network connections. --- diff --git a/level_3/firewall/data/settings/firewall-first b/level_3/firewall/data/settings/firewall-first index 5db789b..788de35 100644 --- a/level_3/firewall/data/settings/firewall-first +++ b/level_3/firewall/data/settings/firewall-first @@ -44,14 +44,15 @@ main: # Drop multicasts and broadcasts, they should not exist for a router and in most cases should be avoided. + # unicasts are the normal behavior and blocking them would be very unusual. direction output rule -m pkttype --pkt-type broadcast -j output-casting rule -m pkttype --pkt-type multicast -j output-casting - rule -m pkttype --pkt-type unicast -j output-casting + #rule -m pkttype --pkt-type unicast -j output-casting direction input rule -m pkttype --pkt-type broadcast -j input-casting rule -m pkttype --pkt-type multicast -j input-casting - rule -m pkttype --pkt-type unicast -j input-casting + #rule -m pkttype --pkt-type unicast -j input-casting # Allow ALL input&output connections that have already been established by this host (using conntrack might be more efficient)
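Review bot: leaving the two unicast rules commented out rather than removed (`#rule -m pkttype --pkt-type unicast -j output-casting` and the matching `#rule -m pkttype --pkt-type unicast -j input-casting`) keeps the original mistake one uncomment away: the `pkttype unicast` match covers essentially all ordinary point-to-point traffic, so re-enabling either line would again steer normal connections into the casting chains alongside broadcast and multicast. Prefer deleting both lines outright and relying on the new comment ("unicasts are the normal behavior and blocking them would be very unusual") to explain why only broadcast and multicast are matched in the output and input sections.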