ceph: allow IPv6 neighbor discovery on mgmt interface

2024-11-27 17:37:07 +01:00 · 2024-11-27 17:37:07 +01:00 · ff9620ed2a
parent 0a0ce7e2a5
commit ff9620ed2a
1 changed files with 4 additions and 0 deletions
--- a/roles/ceph/templates/nftables.conf.j2
+++ b/roles/ceph/templates/nftables.conf.j2
@ -42,6 +42,10 @@ table inet filter {
            packet-too-big, parameter-problem, time-exceeded,
        } accept comment "accept some ICMPv6"

+        iif mgmt0 ip6 hoplimit 255 ip6 nexthdr icmpv6 icmpv6 type {
+            nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert
+        } accept comment "accept IPv6 neighbor discovery"
+
        # BGP / BFD sessions
        iif lan0 ip6 saddr fe80::/64 accept
        iif lan1 ip6 saddr fe80::/64 accept