diff options
| author | Kenny Ballou <kballou@devnulllabs.io> | 2019-07-10 15:07:42 -0600 |
|---|---|---|
| committer | Kenny Ballou <kballou@devnulllabs.io> | 2019-07-10 15:07:42 -0600 |
| commit | 1283ab5c6ea276b22300a835a3ed99e8c7935a9f (patch) | |
| tree | 09a8b05cba2d88a46a2a8e5aac8d2e3ef5de9beb /services | |
| parent | 6d3b5fb936f44cf260ed246ef8185245dd2feefc (diff) | |
| download | cfg.nix-1283ab5c6ea276b22300a835a3ed99e8c7935a9f.tar.gz cfg.nix-1283ab5c6ea276b22300a835a3ed99e8c7935a9f.tar.xz | |
firewall: add icmp echo-{request,reply} output rules
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
| -rw-r--r-- | services/nftables-rules.nft | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft index a21f95f..be39d0b 100644 --- a/services/nftables-rules.nft +++ b/services/nftables-rules.nft @@ -24,6 +24,8 @@ table inet filter { chain output { type filter hook output priority 0; policy drop; ct state established,related counter accept + icmp type echo-request counter accept + icmp type echo-reply counter accept udp dport domain counter accept tcp dport http counter accept tcp dport https counter accept |