| -rw-r--r-- | roles/space_server/files/nftables/nftables.conf | 9 | 
1 files changed, 5 insertions, 4 deletions
| diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf
index f038d60..5583749 100644
--- a/roles/space_server/files/nftables/nftables.conf
+++ b/roles/space_server/files/nftables/nftables.conf
@@ -134,10 +134,11 @@ table ip6 filter {
 		ct state invalid drop
 		# no ping floods
-		ip6 nexthdr { hopopt, ipv6-icmp } limit rate 100/second accept
-		ip6 nexthdr { hopopt, ipv6-icmp } drop
+		ip6 nexthdr ipv6-icmp limit rate 100/second accept
+		ip6 nexthdr ipv6-icmp drop
 		iif lo accept
+		iif { $adm_if, $wire_if, $priv_if, $free_if, $pass_if } hbh nexthdr ipv6-icmp accept
 		# bird etc. on fiberby link
 		iif $ext_if ip6 saddr $link_net6 ip6 daddr $link_net6 counter accept
@@ -146,8 +147,8 @@ table ip6 filter {
 		tcp dport 22 accept
 		# dns
-		ip6 saddr $ext_net6 tcp dport 53 accept
-		ip6 saddr $ext_net6 udp dport 53 accept
+		tcp dport 53 ip6 saddr $ext_net6 accept
+		udp dport 53 ip6 saddr $ext_net6 accept
 		# avahi
 		ip6 daddr ff02::fb udp dport 5353 iif $avahi_ifs accept |
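Review bot: The added `iif { $adm_if, $wire_if, $priv_if, $free_if, $pass_if } hbh nexthdr ipv6-icmp accept` line accepts ICMPv6 carried behind a hop-by-hop header from the internal interfaces without the `limit rate 100/second` that the direct `ip6 nexthdr ipv6-icmp` rule two lines above enforces, so the "no ping floods" cap can be sidestepped on those interfaces simply by prepending a hop-by-hop header to the echo requests. If the intent is only to let MLD (which carries the Router Alert hop-by-hop option) through, the rule should be narrowed to those ICMPv6 types or at least rate-limited the same way: `iif { $adm_if, $wire_if, $priv_if, $free_if, $pass_if } hbh nexthdr ipv6-icmp limit rate 100/second accept`. Note also that `ip6 nexthdr` matches only the header immediately after the fixed IPv6 header, so ICMPv6 behind any other extension header (fragment, destination options) is caught by neither the limit nor the drop and falls through to the later rules; `meta l4proto ipv6-icmp`, which skips extension headers, would cover the direct and hop-by-hop cases with one limit/drop pair. The chain's policy and the rules after this hunk are outside the view, so what those fall-through packets ultimately hit cannot be confirmed here.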
