diff options
Diffstat (limited to 'src/firejail/netfilter.c')
-rw-r--r-- | src/firejail/netfilter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index 68a4207e5..a1c1b9c16 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c | |||
@@ -30,7 +30,7 @@ static char *client_filter = | |||
30 | ":FORWARD DROP [0:0]\n" | 30 | ":FORWARD DROP [0:0]\n" |
31 | ":OUTPUT ACCEPT [0:0]\n" | 31 | ":OUTPUT ACCEPT [0:0]\n" |
32 | "-A INPUT -i lo -j ACCEPT\n" | 32 | "-A INPUT -i lo -j ACCEPT\n" |
33 | "# echo replay is handled by -m state RELEATED/ESTABLISHED below\n" | 33 | "# echo replay is handled by -m state RELATED/ESTABLISHED below\n" |
34 | "#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT\n" | 34 | "#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT\n" |
35 | "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" | 35 | "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" |
36 | "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT\n" | 36 | "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT\n" |