diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-11-15 18:42:00 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-11-15 18:42:00 +0100 |
| commit | 8e09a3277931c307e17d037b826fb8efd8979c2d (patch) | |
| tree | 98da320af8656d5c56dc93e9846a96a58e445403 /roles | |
| parent | 4d2a5f9e1ab9fb1c2c8a3bea5e286fa2ad953d6e (diff) | |
Firewall: Add counter to dropped ICMP packets.
Diffstat (limited to 'roles')
| -rwxr-xr-x | roles/common/templates/etc/nftables.conf.j2 | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/templates/etc/nftables.conf.j2 b/roles/common/templates/etc/nftables.conf.j2 index cc79671..33407c9 100755 --- a/roles/common/templates/etc/nftables.conf.j2 +++ b/roles/common/templates/etc/nftables.conf.j2 @@ -68,7 +68,7 @@ table netdev filter { ip6 saddr fe80::/10 ip6 daddr ff02::/16 ip6 hoplimit 1 icmpv6 type { 130,131,132,143 } counter accept # drop all remaining ICMP/ICMPv6 traffic - meta l4proto { icmp, icmpv6 } drop + meta l4proto { icmp, icmpv6 } counter drop # bogon filter (cf. RFC 6890 for non-global ip addresses) define bogon = { |