diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-03 22:17:08 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-04 00:26:48 +0100 |
commit | 84a83ecc4c78bf2e0954658ea539e42b4c015fa2 (patch) | |
tree | 4d795067c873e50a7471246933a432a12f8ef160 /data/templates | |
parent | 28b285b4791aece18fe1bbd76f3d555370545006 (diff) | |
download | vyos-1x-84a83ecc4c78bf2e0954658ea539e42b4c015fa2.tar.gz vyos-1x-84a83ecc4c78bf2e0954658ea539e42b4c015fa2.zip |
firewall: T4130: Fix firewall state-policy errors
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/firewall/nftables.tmpl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.tmpl index 34bd9b71e..bbb111b1f 100644 --- a/data/templates/firewall/nftables.tmpl +++ b/data/templates/firewall/nftables.tmpl @@ -147,13 +147,13 @@ table ip6 filter { {% if state_policy is defined %} chain VYOS_STATE_POLICY6 { {% if state_policy.established is defined %} - {{ state_policy.established | nft_state_policy('established') }} + {{ state_policy.established | nft_state_policy('established', ipv6=True) }} {% endif %} {% if state_policy.invalid is defined %} - {{ state_policy.invalid | nft_state_policy('invalid') }} + {{ state_policy.invalid | nft_state_policy('invalid', ipv6=True) }} {% endif %} {% if state_policy.related is defined %} - {{ state_policy.related | nft_state_policy('related') }} + {{ state_policy.related | nft_state_policy('related', ipv6=True) }} {% endif %} return } |