nftables: Fix support for raw rules
parent
46a15fb9ce
commit
ededecd167
1 changed files with 10 additions and 0 deletions
|
@ -8,6 +8,11 @@ table ip filter {
|
||||||
ct state vmap { established : accept, related : accept }
|
ct state vmap { established : accept, related : accept }
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
iifname lo accept
|
iifname lo accept
|
||||||
|
{% if firewall_raw is defined %}
|
||||||
|
{% for rule in firewall_raw %}
|
||||||
|
{{ rule }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% for rule in firewall_in %}
|
{% for rule in firewall_in %}
|
||||||
{% if rule.from is defined %}
|
{% if rule.from is defined %}
|
||||||
{% for from in rule.from %}
|
{% for from in rule.from %}
|
||||||
|
@ -35,6 +40,11 @@ table ip6 filter {
|
||||||
type filter hook input priority 0; policy accept
|
type filter hook input priority 0; policy accept
|
||||||
ct state vmap { established : accept, related : accept }
|
ct state vmap { established : accept, related : accept }
|
||||||
ip6 nexthdr icmpv6 accept
|
ip6 nexthdr icmpv6 accept
|
||||||
|
{% if firewall_raw6 is defined %}
|
||||||
|
{% for rule in firewall_raw6 %}
|
||||||
|
{{ rule }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% for rule in firewall_in %}
|
{% for rule in firewall_in %}
|
||||||
{% if rule.from is defined %}
|
{% if rule.from is defined %}
|
||||||
{% for from in rule.from %}
|
{% for from in rule.from %}
|
||||||
|
|
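Review bot: `{{ rule }}` in the new `firewall_raw` and `firewall_raw6` loops writes each list entry verbatim into the input chain of `table ip filter` and `table ip6 filter`, so nothing limits an entry to a single well-formed statement. A stray `}` or an embedded newline would change the chain structure, and a typo would make the whole ruleset fail to load. Because both loops are rendered ahead of the `firewall_in` loop, a raw entry with a terminal verdict also takes effect before any structured rule is evaluated. I would state that contract in a template comment above each loop, e.g. `{# firewall_raw: trusted nft statements, one per entry, emitted verbatim before firewall_in #}`, and have whatever deploys the rendered file syntax-check it first with `nft -c -f <rendered file>`. Both chains continue past the visible lines, so how the result is loaded is not shown here.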