authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-03 22:17:08 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-04 00:26:48 +0100
commit84a83ecc4c78bf2e0954658ea539e42b4c015fa2 (patch)
tree4d795067c873e50a7471246933a432a12f8ef160 /data
parent28b285b4791aece18fe1bbd76f3d555370545006 (diff)
firewall: T4130: Fix firewall state-policy errors
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
Diffstat (limited to 'data')
-rw-r--r--data/templates/firewall/nftables.tmpl6
1 files changed, 3 insertions, 3 deletions
diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.tmpl
index 34bd9b71e..bbb111b1f 100644
--- a/data/templates/firewall/nftables.tmpl
+++ b/data/templates/firewall/nftables.tmpl
@@ -147,13 +147,13 @@ table ip6 filter {
{% if state_policy is defined %}
chain VYOS_STATE_POLICY6 {
{% if state_policy.established is defined %}
- {{ state_policy.established | nft_state_policy('established') }}
+ {{ state_policy.established | nft_state_policy('established', ipv6=True) }}
{% endif %}
{% if state_policy.invalid is defined %}
- {{ state_policy.invalid | nft_state_policy('invalid') }}
+ {{ state_policy.invalid | nft_state_policy('invalid', ipv6=True) }}
{% endif %}
{% if state_policy.related is defined %}
- {{ state_policy.related | nft_state_policy('related') }}
+ {{ state_policy.related | nft_state_policy('related', ipv6=True) }}
{% endif %}
return
}
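Review bot: The three calls in VYOS_STATE_POLICY6 each have to repeat `ipv6=True`, and nothing in the template explains why or guards against a later call in the `table ip6 filter` section omitting it. The filter itself is not part of this diff (limited to 'data'), so presumably it defaults to IPv4 output; if so, a missed flag would render an IPv4-flavoured state rule into the IPv6 chain without any template error. I would add a comment above the chain, `{# ip6 table: every nft_state_policy call must pass ipv6=True #}`, and cover the rendered IPv6 chain for each of established, invalid and related in a template test. The enclosing `{% if state_policy is defined %}` and the `table ip6 filter` block close outside the hunk.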