From abd86d7bd35ae30e9eeffc33a798faca9e2b0486 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 6 Feb 2022 18:20:18 +0100
Subject: bifrost: ...
---
 hosts/surtr/ruleset.nft | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'hosts/surtr/ruleset.nft')
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 9d6fd373..998bd037 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -44,10 +44,12 @@ table inet filter {
  iifname lo counter accept
- meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname ens3 limit name lim_icmp counter drop
- meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname ens3 counter accept
+ meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname {bifrost, ens3} limit name lim_icmp counter drop
+ meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname {bifrost, ens3} counter accept
  meta l4proto $icmp_protos ct state {established, related} limit name lim_icmp counter drop
  meta l4proto $icmp_protos ct state {established, related} counter accept
+ meta l4proto $icmp_protos oifname bifrost limit name lim_icmp counter drop
+ meta l4proto $icmp_protos oifname bifrost counter accept
  oifname bifrost counter accept
-- 
cgit v1.2.3
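Review bot: The added pair `meta l4proto $icmp_protos oifname bifrost …` has no `iifname` match, so ICMP arriving on any interface (`ens3` included) draws on the same `lim_icmp` object as the established/related pair above it. A named limit is shared by every rule that references it, so a burst of unsolicited ICMP toward bifrost can use up the budget and get related ICMP errors for existing flows dropped as well. The chain header and the definition of `lim_icmp` are outside the hunk, so the configured rate cannot be checked here. Consider giving the new pair its own limit object, or at least stating the intent above it, e.g. `# new ICMP towards bifrost from any interface; the accept is shadowed by the catch-all below and kept only for its counter`. The added `counter accept` line changes no verdict, because the following context rule `oifname bifrost counter accept` already accepts everything leaving via bifrost.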