From 4781ef509cfe7b49739293c0e0849b433b7c542d Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Mon, 7 Sep 2020 11:18:52 +0200
Subject: [PATCH] Don't prevent ICMP replies to go out and only drop TCP and UDP
---
 minifirewall-start.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/minifirewall-start.sh b/minifirewall-start.sh
index 66776da..aa95502 100755
--- a/minifirewall-start.sh
+++ b/minifirewall-start.sh
@@ -322,7 +322,8 @@ fi
 ## Eventually, we drop the output traffic
 $NFT add rule inet minifirewall minifirewall_output ct state established,related accept
-$NFT add rule inet minifirewall minifirewall_output drop
+$NFT add rule inet minifirewall minifirewall_output meta l4proto udp drop
+$NFT add rule inet minifirewall minifirewall_output meta l4proto tcp drop
 trap - INT TERM EXIT
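Review bot: Replacing the final catch-all `drop` with the `meta l4proto udp drop` and `meta l4proto tcp drop` rules turns the output chain from default-deny into a TCP/UDP denylist, so every other protocol (all ICMP and ICMPv6 types in new state, plus SCTP, GRE, ESP and the rest) now leaves the host unfiltered, assuming the chain policy, which is set outside this hunk, is accept. That is wider than the "ICMP replies" named in the commit title, and because the table is `inet` it applies to IPv6 as well. Keeping the terminal drop and allowing only the needed protocols ahead of it preserves egress control: `$NFT add rule inet minifirewall minifirewall_output meta l4proto icmp accept`, `$NFT add rule inet minifirewall minifirewall_output meta l4proto ipv6-icmp accept`, then the original `$NFT add rule inet minifirewall minifirewall_output drop`. A short comment above these rules naming the ICMP traffic that was being blocked would also help, since echo replies and ICMP errors are normally already matched by the `ct state established,related accept` rule.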