kjuulh/wireguard-setup
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Simplified nftables rules

Browse Source
This commit is contained in:
Héctor Molinero Fernández 2021-12-24 14:33:12 +01:00
parent 2718ea4106
commit ff14b623de
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
packer/rootfs/etc/nftables.conf
View File

@ -13,12 +13,9 @@ table inet filter {
# Accept traffic originated from us. # Accept traffic originated from us.
ct state { established, related } accept; ct state { established, related } accept;
# Accept neighbour discovery otherwise IPv6 connectivity breaks. # Accept ICMP and ICMPv6 traffic.
ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept; meta l4proto icmp accept;
meta l4proto ipv6-icmp accept;
# Accept all ICMP types.
ip protocol icmp accept;
ip6 nexthdr icmpv6 accept;
# Accept SSH traffic. # Accept SSH traffic.
tcp dport 122 accept; tcp dport 122 accept;