summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables.j2
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-05 16:09:45 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-05 20:27:49 +0200
commitbe3d2f9f6623396f2e9c6543f67d81161c7ad94b (patch)
tree8a17456d75de90ad9ca0e57ebace41e0be4402ad /data/templates/firewall/nftables.j2
parent0de3de1e0a78eb35b666b8f613d3e54fd3ad54e4 (diff)
downloadvyos-1x-be3d2f9f6623396f2e9c6543f67d81161c7ad94b.tar.gz
vyos-1x-be3d2f9f6623396f2e9c6543f67d81161c7ad94b.zip
firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces
Diffstat (limited to 'data/templates/firewall/nftables.j2')
-rw-r--r--data/templates/firewall/nftables.j24
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index d7660c37b..a82a5537b 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -29,9 +29,9 @@ table ip6 raw {
}
chain vyos_global_rpfilter {
-{% if global_options.source_validation is vyos_defined('loose') %}
+{% if global_options.ipv6_source_validation is vyos_defined('loose') %}
fib saddr oif 0 counter drop
-{% elif global_options.source_validation is vyos_defined('strict') %}
+{% elif global_options.ipv6_source_validation is vyos_defined('strict') %}
fib saddr . iif oif 0 counter drop
{% endif %}
return