From 1283ab5c6ea276b22300a835a3ed99e8c7935a9f Mon Sep 17 00:00:00 2001
From: Kenny Ballou <kballou@devnulllabs.io>
Date: Wed, 10 Jul 2019 15:07:42 -0600
Subject: firewall: add icmp echo-{request,reply} output rules

Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
---
 services/nftables-rules.nft | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'services')

diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index a21f95f..be39d0b 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -24,6 +24,8 @@ table inet filter {
     chain output {
         type filter hook output priority 0; policy drop;
         ct state established,related counter accept
+        icmp type echo-request counter accept
+        icmp type echo-reply counter accept
         udp dport domain counter accept
         tcp dport http counter accept
         tcp dport https counter accept
-- 
cgit v1.2.1