summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-11-15 18:42:00 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-11-15 18:42:00 +0100
commit8e09a3277931c307e17d037b826fb8efd8979c2d (patch)
tree98da320af8656d5c56dc93e9846a96a58e445403
parent4d2a5f9e1ab9fb1c2c8a3bea5e286fa2ad953d6e (diff)
Firewall: Add counter to dropped ICMP packets.
-rwxr-xr-xroles/common/templates/etc/nftables.conf.j22
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/templates/etc/nftables.conf.j2 b/roles/common/templates/etc/nftables.conf.j2
index cc79671..33407c9 100755
--- a/roles/common/templates/etc/nftables.conf.j2
+++ b/roles/common/templates/etc/nftables.conf.j2
@@ -68,7 +68,7 @@ table netdev filter {
ip6 saddr fe80::/10 ip6 daddr ff02::/16 ip6 hoplimit 1 icmpv6 type { 130,131,132,143 } counter accept
# drop all remaining ICMP/ICMPv6 traffic
- meta l4proto { icmp, icmpv6 } drop
+ meta l4proto { icmp, icmpv6 } counter drop
# bogon filter (cf. RFC 6890 for non-global ip addresses)
define bogon = {