From f19d0a8d11ebf5244fea208cd0770a92d24263d5 Mon Sep 17 00:00:00 2001
From: Aurelien Rebourg
Date: Wed, 24 May 2023 04:20:06 +0200
Subject: [PATCH] fix firewall
---
 roles/securing/templates/nftables.conf.j2 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/roles/securing/templates/nftables.conf.j2 b/roles/securing/templates/nftables.conf.j2
index 146eacf..5aa1714 100644
--- a/roles/securing/templates/nftables.conf.j2
+++ b/roles/securing/templates/nftables.conf.j2
@@ -2,7 +2,7 @@ table ip6 filter {
   chain input {
     type filter hook input priority filter; policy drop;
     iifname "lo" accept
-    log prefix "Dropped ipv6: " flags all drop
+    log prefix "Dropped ipv6: " flags all
   }
   chain forward {
@@ -11,8 +11,8 @@ table ip6 filter {
   chain output {
     type filter hook output priority filter; policy drop;
-    iifname "lo" accept
-    log prefix "Dropped ipv6: " flags all drop
+    oifname "lo" accept
+    log prefix "Dropped ipv6: " flags all
   }
 }
@@ -23,6 +23,7 @@ table ip filter {
     ip protocol icmp icmp type echo-request accept
     icmpv6 type { echo-request, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
     tcp dport { 22, 80, 443, 10000 } accept
+    iifname "lo" accept
     log prefix "Dropped ipv4: " flags all drop
   }
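Review bot: The new `log prefix "Dropped ipv6: " flags all` line in the ip6 input chain logs every non-loopback IPv6 packet with no rate limit, and since the only accept before it is `iifname "lo" accept`, every unsolicited IPv6 packet that reaches the host (including router advertisements and neighbor solicitations) now produces a log entry. If the intent is to keep IPv6 disabled that is acceptable, but the unbounded logging can fill the journal on a host exposed to any IPv6 link traffic; consider `limit rate 10/minute log prefix "Dropped ipv6: " flags all` so the terminal policy still drops while logging stays bounded. Note also that the `icmpv6 type { ... } accept` rule lives in `table ip filter` (third hunk), where it cannot match IPv6 packets, so the ip6 table as shown accepts no ICMPv6 at all; if IPv6 is meant to work, that rule belongs in this chain. The same rate-limit remark applies to the ip6 output chain in the second hunk.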
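Review bot: Changing `iifname "lo" accept` to `oifname "lo" accept` is the right match for an output-hook chain, but with `policy drop` and loopback as the only accept, the host can emit no IPv6 at all, not even the ICMPv6 replies or neighbor advertisements that the input-side rules elsewhere in this template appear to expect. That is fine if the policy is to disable IPv6 egress, but it should be stated, e.g. a comment `# IPv6 egress intentionally blocked; only loopback is allowed` above the accept so the next person does not "fix" it. Dropping the explicit `drop` verdict from the log line relies on the chain's `policy drop`; that is behaviourally equivalent here, but it is worth a one-line comment since the IPv4 log line in the third hunk keeps its explicit `drop`.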
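Review bot: The added `iifname "lo" accept` sits after the ICMP and `tcp dport` accepts in the ip input chain, so loopback packets are evaluated against those rules first; the effect is correct (anything on lo that did not already match is accepted before the terminal `log ... drop`), but placing it as the first rule of the chain, as the ip6 input chain in the first hunk does, makes the intent clearer and avoids re-evaluating local traffic against the service-port set. The chain header and any `ct state` rule, if present, start before this hunk and are not visible here, so I cannot tell whether established/related return traffic is handled separately. The `icmpv6 type { ... } accept` context line in this `table ip filter` chain can never match an IPv4 packet and is dead here; it appears to have been intended for the ip6 table.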