diff options
| author |  netblue30 <netblue30@protonmail.com> | 2022-10-25 14:33:56 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2022-10-25 14:33:56 -0400 |
| commit | 549d59f55df0b5412eb5fbecfb3586bfa222bd8d (patch) | |
| tree | 4e4b196fb1931bd510ae77b4de6de4326d5f1d03 /etc | |
| parent | removed grsecurity support (diff) | |
| download | firejail-549d59f55df0b5412eb5fbecfb3586bfa222bd8d.tar.gz firejail-549d59f55df0b5412eb5fbecfb3586bfa222bd8d.tar.zst firejail-549d59f55df0b5412eb5fbecfb3586bfa222bd8d.zip | |
fix nolocal netfilter
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/net/nolocal.net | 2 | ||||
| -rw-r--r-- | etc/net/nolocal6.net | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/net/nolocal.net b/etc/net/nolocal.net index 0eb9f9784..a37b18599 100644 --- a/etc/net/nolocal.net +++ b/etc/net/nolocal.net | |||
| @@ -20,8 +20,8 @@ | |||
| 20 | 20 | ||
| 21 | # allow ping etc. | 21 | # allow ping etc. |
| 22 | -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT | 22 | -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT |
| 23 | -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT | ||
| 24 | -A INPUT -p icmp --icmp-type echo-request -j ACCEPT | 23 | -A INPUT -p icmp --icmp-type echo-request -j ACCEPT |
| 24 | -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT | ||
| 25 | 25 | ||
| 26 | # accept dns requests going out to a server on the local network | 26 | # accept dns requests going out to a server on the local network |
| 27 | -A OUTPUT -p udp --dport 53 -j ACCEPT | 27 | -A OUTPUT -p udp --dport 53 -j ACCEPT |
diff --git a/etc/net/nolocal6.net b/etc/net/nolocal6.net index 5a6678d03..5a66f0bbc 100644 --- a/etc/net/nolocal6.net +++ b/etc/net/nolocal6.net | |||
| @@ -20,8 +20,8 @@ | |||
| 20 | 20 | ||
| 21 | # allow ping etc. | 21 | # allow ping etc. |
| 22 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT | 22 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT |
| 23 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type time-exceeded -j ACCEPT | ||
| 24 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT | 23 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT |
| 24 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-reply -j ACCEPT | ||
| 25 | # required for ipv6 | 25 | # required for ipv6 |
| 26 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT | 26 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT |
| 27 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT | 27 | -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT |