diff options
author | netblue30 <netblue30@protonmail.com> | 2022-10-25 14:33:56 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-10-25 14:33:56 -0400 |
commit | 549d59f55df0b5412eb5fbecfb3586bfa222bd8d (patch) | |
tree | 4e4b196fb1931bd510ae77b4de6de4326d5f1d03 | |
parent | removed grsecurity support (diff) | |
download | firejail-549d59f55df0b5412eb5fbecfb3586bfa222bd8d.tar.gz firejail-549d59f55df0b5412eb5fbecfb3586bfa222bd8d.tar.zst firejail-549d59f55df0b5412eb5fbecfb3586bfa222bd8d.zip |
fix nolocal netfilter
-rw-r--r-- | etc/net/nolocal.net | 2 | ||||
-rw-r--r-- | etc/net/nolocal6.net | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/net/nolocal.net b/etc/net/nolocal.net index 0eb9f9784..a37b18599 100644 --- a/etc/net/nolocal.net +++ b/etc/net/nolocal.net | |||
@@ -20,8 +20,8 @@ | |||
20 | 20 | ||
21 | # allow ping etc. | 21 | # allow ping etc. |
22 | -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT | 22 | -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT |
23 | -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT | ||
24 | -A INPUT -p icmp --icmp-type echo-request -j ACCEPT | 23 | -A INPUT -p icmp --icmp-type echo-request -j ACCEPT |
24 | -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT | ||
25 | 25 | ||
26 | # accept dns requests going out to a server on the local network | 26 | # accept dns requests going out to a server on the local network |
27 | -A OUTPUT -p udp --dport 53 -j ACCEPT | 27 | -A OUTPUT -p udp --dport 53 -j ACCEPT |
diff --git a/etc/net/nolocal6.net b/etc/net/nolocal6.net index 5a6678d03..5a66f0bbc 100644 --- a/etc/net/nolocal6.net +++ b/etc/net/nolocal6.net | |||
@@ -20,8 +20,8 @@ | |||
20 | 20 | ||
21 | # allow ping etc. | 21 | # allow ping etc. |
22 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT | 22 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT |
23 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type time-exceeded -j ACCEPT | ||
24 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT | 23 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT |
24 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-reply -j ACCEPT | ||
25 | # required for ipv6 | 25 | # required for ipv6 |
26 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT | 26 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT |
27 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT | 27 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT |