It's easier to just accept all icmp

2020-10-14 16:49:23 +02:00 · 2020-10-14 16:49:23 +02:00 · 5af8fad976
parent 79f6d47a6c
commit 5af8fad976
1 changed files with 1 additions and 2 deletions
--- a/minifirewall-start.sh
+++ b/minifirewall-start.sh
@ -116,8 +116,7 @@ $NFT add rule inet minifirewall minifirewall_input ip saddr $INTLAN accept
 $NFT add rule inet minifirewall minifirewall_input ct state invalid drop

 # ICMP and IGMP traffic is accepted
-$NFT add rule inet minifirewall minifirewall_input meta l4proto ipv6-icmp icmpv6 accept
-$NFT add rule inet minifirewall minifirewall_input meta l4proto icmp icmp accept
+$NFT add rule inet minifirewall minifirewall_input ip protocol icmp accept
 $NFT add rule inet minifirewall minifirewall_input ip protocol igmp accept

 # New UDP traffic from trusted IPs jumps to the private_udp_ports chain