From be3d2f9f6623396f2e9c6543f67d81161c7ad94b Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Tue, 5 Sep 2023 16:09:45 +0200
Subject: firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on
 interfaces

---
 data/templates/firewall/nftables.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'data/templates/firewall/nftables.j2')

diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index d7660c37b..a82a5537b 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -29,9 +29,9 @@ table ip6 raw {
     }
 
     chain vyos_global_rpfilter {
-{% if global_options.source_validation is vyos_defined('loose') %}
+{% if global_options.ipv6_source_validation is vyos_defined('loose') %}
         fib saddr oif 0 counter drop
-{% elif global_options.source_validation is vyos_defined('strict') %}
+{% elif global_options.ipv6_source_validation is vyos_defined('strict') %}
         fib saddr . iif oif 0 counter drop
 {% endif %}
         return
-- 
cgit v1.2.3