paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated nftables state

Browse Source
This commit is contained in:
Paul 2023-03-31 17:40:29 +02:00
parent 5d8819eca7
commit bec2c40b56
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
states/nftables/templates/rules.nft.j2
View File

@ -13,7 +13,7 @@ add rule ip filter INPUT iifname lo counter accept
add rule ip filter INPUT iifname tun* counter accept add rule ip filter INPUT iifname tun* counter accept
add rule ip filter INPUT ct state related,established counter accept add rule ip filter INPUT ct state related,established counter accept
add rule ip filter INPUT ip protocol icmp counter accept add rule ip filter INPUT ip protocol icmp counter accept
{%- for network in net.ip_networks %} {%- for network in net.ip_networks+net.optional_ip_networks %}
{%- if '.' in network %} {%- if '.' in network %}
add rule ip filter INPUT ip saddr {{ network }} ct state established,new counter accept add rule ip filter INPUT ip saddr {{ network }} ct state established,new counter accept
{%- endif %} {%- endif %}