From 8e09a3277931c307e17d037b826fb8efd8979c2d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 15 Nov 2020 18:42:00 +0100 Subject: Firewall: Add counter to dropped ICMP packets.
---
 roles/common/templates/etc/nftables.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/common/templates')
diff --git a/roles/common/templates/etc/nftables.conf.j2 b/roles/common/templates/etc/nftables.conf.j2
index cc79671..33407c9 100755
--- a/roles/common/templates/etc/nftables.conf.j2
+++ b/roles/common/templates/etc/nftables.conf.j2
@@ -68,7 +68,7 @@ table netdev filter {
 ip6 saddr fe80::/10 ip6 daddr ff02::/16 ip6 hoplimit 1 icmpv6 type { 130,131,132,143 } counter accept
 # drop all remaining ICMP/ICMPv6 traffic
- meta l4proto { icmp, icmpv6 } drop
+ meta l4proto { icmp, icmpv6 } counter drop
 # bogon filter (cf. RFC 6890 for non-global ip addresses)
 define bogon = {
-- cgit v1.2.3
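Review bot: The counter added in `meta l4proto { icmp, icmpv6 } counter drop` is anonymous and shared by both protocols, so its value cannot distinguish dropped ICMPv4 from dropped ICMPv6 and can only be read by parsing the rule listing. If the figure is meant to feed monitoring or alerting, consider a named counter declared in the table and referenced as `counter name "icmp_dropped" drop` (name constructed here), or one counted rule per protocol, assuming the deployed nftables version supports named counters in the netdev family. The comment above the rule could also record the intent, e.g. `# drop (and count) all remaining ICMP/ICMPv6 traffic`. The enclosing chain starts and ends outside the hunk, so whether a reload flushes the ruleset, which would zero the counter, is not visible here.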