From 36634a705f9cc8c735bc06b3599de43e6d245e24 Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Wed, 18 Nov 2020 18:00:01 +0100
Subject: [PATCH] We have to accepted output ICMP and IGMP since we drop output traffic by default

---
 minifirewall-start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/minifirewall-start.sh b/minifirewall-start.sh
index 8a07c40..42d743b 100755
--- a/minifirewall-start.sh
+++ b/minifirewall-start.sh
@@ -381,6 +381,11 @@ fi
 
 $NFT add rule inet minifirewall minifirewall_output ct state established,related accept
 
+# ICMP and IGMP traffic is accepted
+$NFT add rule inet minifirewall minifirewall_output ip protocol icmp accept
+$NFT add rule inet minifirewall minifirewall_output meta l4proto ipv6-icmp accept
+$NFT add rule inet minifirewall minifirewall_output ip protocol igmp accept
+
 trap - INT TERM EXIT
 
 echo "...starting NFTables rules is now finish : OK"
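Review bot: The three added rules accept every outbound ICMP and ICMPv6 type and all IGMP, with no type match or rate limit, which is broader than a drop-by-default output chain usually intends. ICMP errors tied to tracked flows are already accepted by the `ct state established,related accept` rule just above, so the new rules mainly matter for new-state messages (echo requests, IPv6 neighbour discovery, multicast reports), and unrestricted outbound ICMP is a channel that egress filtering normally tries to bound. Consider matching on type instead, for example `icmp type echo-request accept` and `icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, mld2-listener-report } accept` in place of the two protocol-wide rules, with the exact set depending on the host's role, and keep the IGMP rule only if the host joins IPv4 multicast groups. The chain definition and its policy are outside the hunk, so the drop default is taken from the commit message rather than from visible code.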