add loopback traffic
parent
4b084213c9
commit
549b31ff71
|
@ -28,9 +28,11 @@ table ip6 filter {
|
||||||
type filter hook input priority 0;
|
type filter hook input priority 0;
|
||||||
policy drop;
|
policy drop;
|
||||||
|
|
||||||
|
iif lo accept
|
||||||
|
ct state established,related accept
|
||||||
|
|
||||||
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
|
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
|
||||||
|
|
||||||
ct state established,related accept
|
|
||||||
tcp dport { 22, 80, 443 } accept
|
tcp dport { 22, 80, 443 } accept
|
||||||
|
|
||||||
}
|
}
|
||||||
|
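Review bot: The commit message only mentions loopback, but in the ip6 input chain `ct state established,related accept` also moves from below the icmpv6 rule to directly after `iif lo accept`. Evaluating established traffic first is a reasonable order, but a rule reordering in a `policy drop` chain should be named in the commit message or split into its own commit so it is not missed when someone later bisects a connectivity problem.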
@ -63,6 +65,7 @@ table ip filter {
|
||||||
type filter hook input priority 0;
|
type filter hook input priority 0;
|
||||||
policy drop;
|
policy drop;
|
||||||
|
|
||||||
|
iif lo accept
|
||||||
ct state established,related accept
|
ct state established,related accept
|
||||||
tcp dport { 22 } accept
|
tcp dport { 22 } accept
|
||||||
tcp dport { 51820 } accept
|
tcp dport { 51820 } accept
|
||||||
|
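Review bot: The unchanged context line `tcp dport { 51820 } accept` in the ip input chain deserves a second look while this chain is being touched. 51820 is the default WireGuard port and WireGuard runs over UDP only, so if that is the intent the rule should read `udp dport { 51820 } accept`; as written, with `policy drop`, only TCP to that port is allowed. If a TCP service really listens there, a short comment saying which one would help.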
@ -159,5 +162,9 @@ If you have any comments about it, I'm interested in hearing your
|
||||||
feedback on [the ungleich chat](http://chat.ungleich.ch),
|
feedback on [the ungleich chat](http://chat.ungleich.ch),
|
||||||
[twitter](https://twitter.com/NicoSchottelius) or IRC (telmich).
|
[twitter](https://twitter.com/NicoSchottelius) or IRC (telmich).
|
||||||
|
|
||||||
|
## Update 2019-12-24
|
||||||
|
|
||||||
|
I forgot to allow loopback traffic in the original version, which
|
||||||
|
breaks some local networking.
|
||||||
|
|
||||||
[[!tag ccc firewall nftables ipv6]]
|
[[!tag ccc firewall nftables ipv6]]
|
||||||
|
|
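Review bot: The "Update 2019-12-24" paragraph says loopback traffic was forgotten but does not name the rule that fixes it or say where it goes. Readers who copied the original ruleset need to know to add `iif lo accept` as the first rule of the input chain in both `table ip6 filter` and `table ip filter`; stating that in the update, and noting that the ip6 chain now evaluates `ct state established,related accept` before the icmpv6 rule, would let them patch their copy without diffing the whole post.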