firewall: forward ICMP(v6) packets

This commit is contained in:
Timotej Lazar 2024-09-21 20:19:55 +02:00
parent f8e8acb521
commit 7e02a13144

View file

@ -123,6 +123,18 @@ table inet filter {
ct status dnat accept \ ct status dnat accept \
comment "Forward DNAT traffic for servers and suchlike" comment "Forward DNAT traffic for servers and suchlike"
ip protocol icmp icmp type {
echo-request, echo-reply, destination-unreachable,
parameter-problem, time-exceeded,
} accept \
comment "Accept ICMPv4"
ip6 nexthdr icmpv6 icmpv6 type {
echo-request, echo-reply, destination-unreachable,
packet-too-big, parameter-problem, time-exceeded,
} accept \
comment "Accept ICMPv6"
include "/etc/nftables.d/forward.nft*" include "/etc/nftables.d/forward.nft*"
} }