From bec2c40b56a143d40d0d34edc6056dad08d88913 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Fri, 31 Mar 2023 17:40:29 +0200
Subject: [PATCH] updated nftables state

---
 states/nftables/templates/rules.nft.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/states/nftables/templates/rules.nft.j2 b/states/nftables/templates/rules.nft.j2
index ff548f1..71881d4 100644
--- a/states/nftables/templates/rules.nft.j2
+++ b/states/nftables/templates/rules.nft.j2
@@ -13,7 +13,7 @@ add rule ip filter INPUT iifname lo counter accept
 add rule ip filter INPUT iifname tun* counter accept
 add rule ip filter INPUT ct state related,established counter accept
 add rule ip filter INPUT ip protocol icmp counter accept
-{%- for network in net.ip_networks %}
+{%- for network in net.ip_networks+net.optional_ip_networks %}
 {%- if '.' in network %}
 add rule ip filter INPUT ip saddr {{ network }} ct state established,new counter accept
 {%- endif %}
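Review bot: `net.ip_networks+net.optional_ip_networks` on the new `for` line will fail to render on any host whose `net` data lacks `optional_ip_networks`, because Jinja cannot concatenate a list with an undefined value, and a firewall template that fails to render may leave a stale ruleset in place, depending on how the state applies it. Guard the lookup with `{%- for network in net.ip_networks + (net.optional_ip_networks | default([])) %}`. Every entry in the combined list gets `ct state established,new counter accept` on INPUT with no port or protocol restriction, so the optional networks receive the same full trust as the primary ones; if that is intended, say so in a template comment such as `{#- optional_ip_networks: extra source networks granted full INPUT access, same trust as ip_networks #}` and keep the source of that key as tightly controlled as `ip_networks`. The `'.' in network` test suggests the list can also hold IPv6 entries, so presumably a matching IPv6 loop exists elsewhere in the template and is not updated by this one-line patch; worth confirming. The loop body continues past the end of the hunk.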