paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated nftables state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-07-21 23:03:36 +02:00
parent 63c1df90e7
commit e2b1bf4cda
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
states/nftables/templates/rules.nft.j2
View File

@ -11,6 +11,7 @@ add chain ip filter OUTPUT { type filter hook output priority 0; policy accept;
add chain ip filter DOCKER
add rule ip filter INPUT iifname lo counter accept
add rule ip filter INPUT iifname tun* counter accept
add rule ip filter INPUT iifname tailscale* counter accept
add rule ip filter INPUT iifname br* counter accept
add rule ip filter INPUT iifname veth* counter accept
add rule ip filter INPUT iifname lxc* counter accept
@ -60,6 +61,7 @@ add chain ip6 filter6 FORWARD { type filter hook forward priority 0; policy acce
add chain ip6 filter6 OUTPUT { type filter hook output priority 0; policy accept; }
add rule ip6 filter6 INPUT iifname lo counter accept
add rule ip6 filter6 INPUT iifname tun* counter accept
add rule ip6 filter6 INPUT iifname tailscale* counter accept
add rule ip6 filter6 INPUT ct state related,established counter accept
add rule ip6 filter6 INPUT icmpv6 type {destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect, parameter-problem, router-renumbering} accept
{%- for network in net.ip_networks %}