From db5eca7865cf71b8890f90632ed22a9b065d5373 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 9 Dec 2021 09:32:26 +0100
Subject: vidhar: nftables...

---
 hosts/vidhar/ruleset.nft | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'hosts/vidhar')

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index f4e2aa94..f5de1bd1 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -72,13 +72,15 @@ table inet filter {
 
   chain output {
     type filter hook output priority filter
-    policy drop
+    policy accept
+
 
+    oifname lo counter accept
 
     oifname != dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_local counter accept
     oifname dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_dsl counter accept
+    meta l4proto { ipv6-icmp, icmp, igmp } counter drop
 
-    meta l4proto != { ipv6-icmp, icmp, igmp } counter drop
 
     counter
   }
-- 
cgit v1.2.3