#!/bin/bash
#Copyright 2004 William Stearns <wstearns@pobox.com>
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#==== Brick specific help ====
#	The icmpfwdchk module checks only icmp packets being forwarded through
#this router.  It specifically disallows fragmented ICMP and ICMP
#redirects.  Both should be universally safe to forward.

/usr/bin/sudo /sbin/iptables -N icmpfwdchk
/usr/bin/sudo /sbin/iptables -A icmpfwdchk -p icmp -f -j DROP
/usr/bin/sudo /sbin/iptables -A icmpfwdchk -p icmp --icmp-type redirect -j DROP
/usr/bin/sudo /sbin/iptables -A FORWARD -p icmp -j icmpfwdchk