]> git.proxmox.com Git - pve-firewall.git/blobdiff - src/PVE/Firewall.pm
projects / pve-firewall.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix #2721: remove reject tcp 43 from default drop and reject actions
[pve-firewall.git] / src / PVE / Firewall.pm
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index fc5c077d80b30ea786039ef9220770e946bd3929..edc5336c726ce7805025dfcda86d9a0050304aa8 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -592,7 +592,6 @@ $pve_std_chains_conf->{4} = {
        # same as shorewall 'Drop', which is equal to DROP,
        # but REJECT/DROP some packages to reduce logging,
        # and ACCEPT critical ICMP types
-       { action => 'PVEFW-reject',  proto => 'tcp', dport => '43' }, # REJECT 'auth'
        # we are not interested in BROADCAST/MULTICAST/ANYCAST
        { action => 'PVEFW-DropBroadcast' },
        # ACCEPT critical ICMP types
@@ -615,7 +614,6 @@ $pve_std_chains_conf->{4} = {
        # same as shorewall 'Reject', which is equal to Reject,
        # but REJECT/DROP some packages to reduce logging,
        # and ACCEPT critical ICMP types
-       { action => 'PVEFW-reject',  proto => 'tcp', dport => '43' }, # REJECT 'auth'
        # we are not interested in BROADCAST/MULTICAST/ANYCAST
        { action => 'PVEFW-DropBroadcast' },
        # ACCEPT critical ICMP types
Firewall test scripts