evolix/minifirewall
21
0
Fork 0
Code Issues 4 Pull requests 3 Releases 1 Activity

Don't prevent ICMP replies to go out and only drop TCP and UDP

Browse source
This commit is contained in:
Tristan PILAT 2020-09-07 11:18:52 +02:00
parent 5f4787d3fd
commit 4781ef509c
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
minifirewall-start.sh
View file

@ -322,7 +322,8 @@ fi
## Eventually, we drop the output traffic
$NFT add rule inet minifirewall minifirewall_output ct state established,related accept
$NFT add rule inet minifirewall minifirewall_output drop
$NFT add rule inet minifirewall minifirewall_output meta l4proto udp drop
$NFT add rule inet minifirewall minifirewall_output meta l4proto tcp drop
trap - INT TERM EXIT