l 2: allow ipv6-icmp

author: lassulus <lass@lassul.us> 2017-02-09 16:57:54 +0100
committer: lassulus <lass@lassul.us> 2017-02-09 16:57:54 +0100
commit: 51761c3b9ba7c994e269328ab68e71318c9fbc34 (patch)
tree: c5ec111145e733577e1d78925ddd65bdf323a6ff /lass/2configs/default.nix
parent: 137c49b847a896009972a3fa7ad2f60358c0a643 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index d1810c00..2441f1b7 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -202,6 +202,7 @@ with import <stockholm/lib>;
       filter.INPUT.rules = [
         { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
         { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
         { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
         { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
         { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
author	lassulus <lass@lassul.us>	2017-02-09 16:57:54 +0100
committer	lassulus <lass@lassul.us>	2017-02-09 16:57:54 +0100
commit	51761c3b9ba7c994e269328ab68e71318c9fbc34 (patch)
tree	c5ec111145e733577e1d78925ddd65bdf323a6ff /lass/2configs/default.nix
parent	137c49b847a896009972a3fa7ad2f60358c0a643 (diff)