Merge pull request #12423 from rafalborczuch/patch-1
lxd/firewall: Fix nftables ACL template
tomponline authored Oct 20, 2023
2 parents b880545 + 89d4048 commit 6ab06f9
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions lxd/firewall/drivers/drivers_nftables_templates.go
Expand Up @@ -136,7 +136,7 @@ table {{.family}} {{.namespace}} {
# Allow core ICMPv6 to LXD host.
iifname "{{$.networkName}}" icmpv6 type {1, 2, 3, 4, 133, 135, 136, 143} accept
iifname {{.networkName}} jump acl{{.chainSeparator}}{{.networkName}}
iifname "{{.networkName}}" jump acl{{.chainSeparator}}{{.networkName}}
}
chain aclout{{.chainSeparator}}{{.networkName}} {
Expand All @@ -150,12 +150,12 @@ table {{.family}} {{.namespace}} {
# Allow ICMPv6 ping from host into network as dnsmasq uses this to probe IP allocations.
oifname "{{$.networkName}}" icmpv6 type {1, 2, 3, 4, 128, 134, 135, 136, 143} accept
oifname {{.networkName}} jump acl{{.chainSeparator}}{{.networkName}}
oifname "{{.networkName}}" jump acl{{.chainSeparator}}{{.networkName}}
}
chain aclfwd{{.chainSeparator}}{{.networkName}} {
iifname {{.networkName}} jump acl{{.chainSeparator}}{{.networkName}}
oifname {{.networkName}} jump acl{{.chainSeparator}}{{.networkName}}
iifname "{{.networkName}}" jump acl{{.chainSeparator}}{{.networkName}}
oifname "{{.networkName}}" jump acl{{.chainSeparator}}{{.networkName}}
}
}
`))
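Review bot: The quotes added around `{{.networkName}}` in the `iifname`/`oifname` matches delimit the value but do not escape it, and the jump target `acl{{.chainSeparator}}{{.networkName}}` on the same lines still embeds the name bare, so the rendered ruleset is only well-formed if the network name was validated as an interface name before it reaches this template (assuming this is a Go text/template, which inserts values verbatim). That validation is not visible here, so I would state the dependency next to the template definition, e.g. `// networkName is inserted unescaped; callers must pass a validated interface name.` The changed lines also use `{{.networkName}}` while the neighbouring ICMPv6 rules use `{{$.networkName}}`; settling on one form would keep these rules correct if they are ever moved inside a `range` or `with`. The template begins outside the shown hunks.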