mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
fix nolocal netfilter
This commit is contained in:
netblue30
parent
3d3365cb31
commit
549d59f55d
2 changed files with 2 additions and 2 deletions
|
|
@ -20,8 +20,8 @@
|
|||
|
||||
# allow ping etc.
|
||||
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
|
||||
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
|
||||
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
||||
|
||||
# accept dns requests going out to a server on the local network
|
||||
-A OUTPUT -p udp --dport 53 -j ACCEPT
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@
|
|||
|
||||
# allow ping etc.
|
||||
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT
|
||||
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type time-exceeded -j ACCEPT
|
||||
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT
|
||||
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-reply -j ACCEPT
|
||||
# required for ipv6
|
||||
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT
|
||||
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue