firewall: allow also related traffic
This include ICMP error messages for allowed traffic. Fixes QubesOS/qubes-issues#3406
This commit is contained in:
Marek Marczykowski-Górecki
parent
3a83623647
commit
c324b16252
@ -556,7 +556,7 @@ class NftablesWorker(FirewallWorker):
|
|||||||
' chain forward {{\n'
|
' chain forward {{\n'
|
||||||
' type filter hook forward priority 0;\n'
|
' type filter hook forward priority 0;\n'
|
||||||
' policy drop;\n'
|
' policy drop;\n'
|
||||||
' ct state established accept\n'
|
' ct state established,related accept\n'
|
||||||
' }}\n'
|
' }}\n'
|
||||||
'}}\n'
|
'}}\n'
|
||||||
)
|
)
|
||||||
|
|||||||
@ -430,14 +430,14 @@ class TestNftablesWorker(TestCase):
|
|||||||
' chain forward {\n'
|
' chain forward {\n'
|
||||||
' type filter hook forward priority 0;\n'
|
' type filter hook forward priority 0;\n'
|
||||||
' policy drop;\n'
|
' policy drop;\n'
|
||||||
' ct state established accept\n'
|
' ct state established,related accept\n'
|
||||||
' }\n'
|
' }\n'
|
||||||
'}\n'
|
'}\n'
|
||||||
'table ip6 qubes-firewall {\n'
|
'table ip6 qubes-firewall {\n'
|
||||||
' chain forward {\n'
|
' chain forward {\n'
|
||||||
' type filter hook forward priority 0;\n'
|
' type filter hook forward priority 0;\n'
|
||||||
' policy drop;\n'
|
' policy drop;\n'
|
||||||
' ct state established accept\n'
|
' ct state established,related accept\n'
|
||||||
' }\n'
|
' }\n'
|
||||||
'}\n'
|
'}\n'
|
||||||
])
|
])
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user