From 5af8fad9768394866263f89e9c325f671c67bcc2 Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Wed, 14 Oct 2020 16:49:23 +0200
Subject: [PATCH] It's easier to just accept all icmp

---
 minifirewall-start.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/minifirewall-start.sh b/minifirewall-start.sh
index a88cd39..6214da5 100755
--- a/minifirewall-start.sh
+++ b/minifirewall-start.sh
@@ -116,8 +116,7 @@ $NFT add rule inet minifirewall minifirewall_input ip saddr $INTLAN accept
 $NFT add rule inet minifirewall minifirewall_input ct state invalid drop

 # ICMP and IGMP traffic is accepted
-$NFT add rule inet minifirewall minifirewall_input meta l4proto ipv6-icmp icmpv6 accept
-$NFT add rule inet minifirewall minifirewall_input meta l4proto icmp icmp accept
+$NFT add rule inet minifirewall minifirewall_input ip protocol icmp accept
 $NFT add rule inet minifirewall minifirewall_input ip protocol igmp accept

 # New UDP traffic from trusted IPs jumps to the private_udp_ports chain
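Review bot: The new `ip protocol icmp accept` rule matches IPv4 only, even in an `inet` table, so ICMPv6 is no longer accepted anywhere in this hunk despite the subject line saying "all icmp". If the input chain's policy or a later rule drops unmatched traffic (both are outside the hunk, so this is inferred), neighbour discovery, router advertisements and Packet Too Big messages would be dropped, which breaks IPv6 reachability and path-MTU discovery. I would keep a family-independent match next to the new rule, for example `$NFT add rule inet minifirewall minifirewall_input meta l4proto ipv6-icmp accept`. The `# ICMP and IGMP traffic is accepted` comment should then say whether it covers IPv4, IPv6 or both.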