firewall: don't drop in conntrack rule

as there are rules following it that might want to accept the packet
Daniel Barlow 2024-02-08 17:20:39 +00:00
parent 92b0bec038
commit a9ea01428e


@ -199,11 +199,10 @@ in {
hook = "input"; hook = "input";
rules = [ rules = [
"iifname lo accept" "iifname lo accept"
"ct state vmap { established : accept, related : accept, invalid : drop }"
"iifname int jump input-ip4-lan" "iifname int jump input-ip4-lan"
"iifname ppp0 jump input-ip4-wan" "iifname ppp0 jump input-ip4-wan"
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4" "oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
"log prefix \"denied input-ip4 \"" "ct state vmap established,related accept"
]; ];
}; };