Am 13/05/2024 um 14:14 schrieb Stefan Hanreich: > ICMPv6 has different message types for rejecting traffic. With ICMP we > used host-prohibited as rejection type, which doesn't exist in ICMPv6. > Add an additional rule for IPv6, so it uses admin-prohibited. > > Additionally, add a terminal drop statement in order to prevent any > traffic that does not get matched from bypassing the reject chain. > > Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com> > --- > Changes from v1 -> v2: > * add a terminal drop statement to prevent any unmatched traffic from > bypassing the reject chain > * properly match ICMPv6 traffic via l4proto > > proxmox-firewall/resources/proxmox-firewall.nft | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > >
applied, with an updated commit subject (as per our guideline[0], using the "firewall" tag inside a repo that has "firewall" already in the name is not really adding much), thanks! [0]: https://pve.proxmox.com/wiki/Developer_Documentation#Commits_and_Commit_Messages _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
