diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-05 16:09:45 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-06 00:57:34 +0200 |
commit | e8070a2e36e9101d52d7db4025f7ff37a00625e8 (patch) | |
tree | c9d174841331ae4276821d4e8d4ad8cd5811c636 /data/templates/firewall/nftables.j2 | |
parent | 2ee8d0eef88acab60b42d0424c034414de47bddd (diff) | |
download | vyos-1x-e8070a2e36e9101d52d7db4025f7ff37a00625e8.tar.gz vyos-1x-e8070a2e36e9101d52d7db4025f7ff37a00625e8.zip |
firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces
Diffstat (limited to 'data/templates/firewall/nftables.j2')
-rw-r--r-- | data/templates/firewall/nftables.j2 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index d7660c37b..a82a5537b 100644 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -29,9 +29,9 @@ table ip6 raw { } chain vyos_global_rpfilter { -{% if global_options.source_validation is vyos_defined('loose') %} +{% if global_options.ipv6_source_validation is vyos_defined('loose') %} fib saddr oif 0 counter drop -{% elif global_options.source_validation is vyos_defined('strict') %} +{% elif global_options.ipv6_source_validation is vyos_defined('strict') %} fib saddr . iif oif 0 counter drop {% endif %} return |