paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated nftables state

Browse Source
This commit is contained in:
Paul 2021-06-14 23:06:41 +02:00
parent 631f81b740
commit 538e5e9b8d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
states/nftables/nftables.conf.j2
View File

@ -38,7 +38,7 @@ add chain ip6 filter6 output { type filter hook output priority 0; policy accept
add rule ip6 filter6 input iifname lo counter accept add rule ip6 filter6 input iifname lo counter accept
add rule ip6 filter6 input iifname tun* counter accept add rule ip6 filter6 input iifname tun* counter accept
add rule ip6 filter6 input ct state related,established counter accept add rule ip6 filter6 input ct state related,established counter accept
add rule ip6 filter6 input icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept add rule ip6 filter6 input icmpv6 type {destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect, parameter-problem, router-renumbering} accept
{%- for key, value in net.ipv6_networks.items() %} {%- for key, value in net.ipv6_networks.items() %}
add rule ip6 filter6 input ip6 saddr {{ value.ip }}/{{ value.mask }} ct state established,new counter accept add rule ip6 filter6 input ip6 saddr {{ value.ip }}/{{ value.mask }} ct state established,new counter accept
{%- endfor %} {%- endfor %}