From 549b31ff71f9d718d5e02150c7da384e176270af Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Tue, 24 Dec 2019 11:18:16 +0100
Subject: [PATCH] add loopback traffic
---
 blog/my-notebook-firewall-36c3.mdwn | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/blog/my-notebook-firewall-36c3.mdwn b/blog/my-notebook-firewall-36c3.mdwn
index 5fc846d0..3f8dc8d3 100644
--- a/blog/my-notebook-firewall-36c3.mdwn
+++ b/blog/my-notebook-firewall-36c3.mdwn
@@ -28,9 +28,11 @@ table ip6 filter {
 type filter hook input priority 0; policy drop;
+ iif lo accept
+ ct state established,related accept
+ icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
- ct state established,related accept
 tcp dport { 22, 80, 443 } accept
 }
@@ -63,6 +65,7 @@ table ip filter {
 type filter hook input priority 0; policy drop;
+ iif lo accept
 ct state established,related accept
 tcp dport { 22 } accept
 tcp dport { 51820 } accept
@@ -159,5 +162,9 @@
 If you have any comments about it, I'm interested in hearing your feedback on [the ungleich chat](http://chat.ungleich.ch), [twitter](https://twitter.com/NicoSchottelius) or IRC (telmich).
+## Update 2019-12-24
+
+I forgot to allow loopback traffic in the original version, which
+breaks some local networking.
 [[!tag ccc firewall nftables ipv6]]
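Review bot: The relocated `ct state established,related accept` in the ip6 input chain still has no `ct state invalid drop` in front of it, so conntrack-invalid packets (out-of-window segments, ACKs with no matching flow) are not rejected there and fall through to `tcp dport { 22, 80, 443 } accept`, which admits them by port alone. Adding `ct state invalid drop` immediately before the established/related line is the usual nftables idiom and is one line. Moving established/related ahead of the icmpv6 rule looks fine, since the icmpv6 accept still covers new inbound ND and echo-request. The enclosing `chain input { … }` block starts before this hunk, so the lines above `type filter hook input` could not be checked here.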
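Review bot: The ip input chain has the same gap as the ip6 one: the new `iif lo accept` is followed by `ct state established,related accept` with no preceding `ct state invalid drop`, so invalid-state packets to ports 22 and 51820 are accepted by the port rules rather than dropped. Inserting `ct state invalid drop` before the established/related line closes that. Separately, the context line `tcp dport { 51820 } accept` would not admit WireGuard if that is what 51820 is meant for, because WireGuard speaks UDP only — it would need `udp dport 51820 accept`; this predates the commit but sits right next to the change. The enclosing chain block begins before this hunk.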