nftables: Fix opening ports without ip range

Timo Makinen 2022-11-06 17:38:27 +00:00
parent 82e029593e
commit 4373c84301


@ -19,7 +19,7 @@ table ip filter {
{% endif %}
{% endfor %}
{% else %}
ip {{ rule.proto }} dport {{ rule.port }} accept
{{ rule.proto }} dport {{ rule.port }} accept
{% endif %}
{% endfor %}
reject with icmp type host-prohibited
@ -42,11 +42,11 @@ table ip6 filter {
{% set from = lookup('dig', from) %}
{% endif %}
{% if from | ipv6 %}
ip saddr {{ from }} {{ rule.proto }} dport {{ rule.port }} accept
ip6 saddr {{ from }} {{ rule.proto }} dport {{ rule.port }} accept
{% endif %}
{% endfor %}
{% else %}
ip {{ rule.proto }} dport {{ rule.port }} accept
{{ rule.proto }} dport {{ rule.port }} accept
{% endif %}
{% endfor %}
reject with icmpv6 type admin-prohibited
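Review bot: In the `table ip6 filter` hunk, `lookup('dig', from)` is called without a query type, so it presumably resolves A records (the dig lookup's default), and the `from | ipv6` test on the next line then discards the result; a hostname source would silently get no accept rule on the IPv6 side. Consider `{% set from = lookup('dig', from, 'qtype=AAAA') %}`, plus a template comment saying that a name with several records or with none yields a value that fails the `ipv6` test, so the rule is skipped rather than opened. The enclosing `if` and `for` blocks start above the hunk, so the condition guarding the lookup is not visible here. Because the allow-list then depends on DNS answers at render time, literal addresses in the inventory are the more predictable choice for sources that matter.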