From 538e5e9b8df9ec179694acb559667795ae3b6701 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Mon, 14 Jun 2021 23:06:41 +0200
Subject: [PATCH] updated nftables state

---
 states/nftables/nftables.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/states/nftables/nftables.conf.j2 b/states/nftables/nftables.conf.j2
index f461818..6013de3 100644
--- a/states/nftables/nftables.conf.j2
+++ b/states/nftables/nftables.conf.j2
@@ -38,7 +38,7 @@ add chain ip6 filter6 output { type filter hook output priority 0; policy accept
 add rule ip6 filter6 input iifname lo counter accept
 add rule ip6 filter6 input iifname tun* counter accept
 add rule ip6 filter6 input ct state related,established counter accept
-add rule ip6 filter6 input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+add rule ip6 filter6 input icmpv6 type {destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect, parameter-problem, router-renumbering} accept
 {%- for key, value in net.ipv6_networks.items() %}
 add rule ip6 filter6 input ip6 saddr {{ value.ip }}/{{ value.mask }} ct state established,new counter accept
 {%- endfor %}
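Review bot: The added ICMPv6 rule accepts nd-router-advert, nd-redirect and the other Neighbor Discovery types from any source at any hop limit, so a forged RA or redirect that has crossed a router would still be accepted; RFC 4861 requires ND messages to arrive with hop limit 255, and nftables can enforce that with `ip6 hoplimit 255`. The set also adds router-renumbering, which is rarely needed and is a risky message to accept from everywhere, and the three MLD types, which should only arrive from link-local sources (`ip6 saddr fe80::/10`). I would split the single rule into three: `add rule ip6 filter6 input icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply } counter accept`, `add rule ip6 filter6 input ip6 saddr fe80::/10 icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-reduction } counter accept` and `add rule ip6 filter6 input ip6 hoplimit 255 icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } counter accept`, leaving router-renumbering out unless it is actually in use on these hosts. The neighbouring rules all carry `counter` while this one does not, so it is the only accept in the chain without packet counts for later inspection. The `filter6 input` chain declaration and its default policy are outside this hunk, so I cannot tell what happens to ICMPv6 types that fall through.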