X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;fp=src%2FPVE%2FFirewall.pm;h=806fd4bb5eea100afdc1c0dc055f64af8c9a28b5;hb=58ca8ec0a0e572bba9e08564a61eb17f8c91a3d5;hp=1607b74c5aebf90fceb6062ee41caa02965d8739;hpb=bbf77725f26253899db1371f671256a5703ff680;p=pve-firewall.git

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1607b74..806fd4b 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -666,14 +666,10 @@ $pve_std_chains_conf->{6} = {
 	#{ action => 'DROP', dest => '224.0.0.0/4' },
     ],
     'PVEFW-reject' => [
-	# same as shorewall 'reject'
-	#{ action => 'DROP', dsttype => 'BROADCAST' },
-	#{ action => 'DROP', source => '224.0.0.0/4' },
 	{ action => 'DROP', proto => 'icmpv6' },
 	{ match => '-p tcp', target => '-j REJECT --reject-with tcp-reset' },
-	#"-p udp -j REJECT --reject-with icmp-port-unreachable",
-	#"-p icmp -j REJECT --reject-with icmp-host-unreachable",
-	#"-j REJECT --reject-with icmp-host-prohibited",
+	{ match => '-p udp', target => '-j REJECT --reject-with icmp6-port-unreachable' },
+	{ target => '-j REJECT --reject-with icmp6-adm-prohibited' },
     ],
     'PVEFW-Drop' => [
 	# same as shorewall 'Drop', which is equal to DROP,