From 9720379c1443595d74f7959a7689b5dc364b8cde Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@fri.uni-lj.si>
Date: Thu, 23 Jan 2025 13:12:25 +0100
Subject: [PATCH] proxmox-backup: allow IPv6 ND on management interface
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

IPv6 doesn’t work otherwise.
---
 roles/proxmox-backup/templates/nftables.conf.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/proxmox-backup/templates/nftables.conf.j2 b/roles/proxmox-backup/templates/nftables.conf.j2
index aff70a9..eed9e44 100644
--- a/roles/proxmox-backup/templates/nftables.conf.j2
+++ b/roles/proxmox-backup/templates/nftables.conf.j2
@@ -19,6 +19,10 @@ table inet filter {
             packet-too-big, parameter-problem, time-exceeded,
         } accept comment "accept some ICMPv6"
 
+        iif mgmt0 ip6 hoplimit 255 ip6 nexthdr icmpv6 icmpv6 type {
+            nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert
+        } accept comment "accept IPv6 neighbor discovery"
+
         # BGP / BFD sessions
         iif lan0 ip6 saddr fe80::/64 accept
         iif lan1 ip6 saddr fe80::/64 accept