firewall: don't drop in conntrack rule

as there are other rules following that might want to accept
2024-02-08 17:20:39 +00:00 · 2024-02-08 17:20:39 +00:00 · a9ea01428e
commit a9ea01428e
parent 92b0bec038
1 changed files with 1 additions and 2 deletions
--- a/examples/demo-firewall.nix
+++ b/examples/demo-firewall.nix
@ -199,11 +199,10 @@ in {
    hook = "input";
    rules = [
      "iifname lo accept"
-      "ct state vmap { established : accept, related : accept, invalid : drop }"
      "iifname int jump input-ip4-lan"
      "iifname ppp0 jump input-ip4-wan"
      "oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
-      "log prefix \"denied input-ip4 \""
+      "ct state vmap established,related accept"
    ];
  };