projects
/
config
/
nftables.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
nftables-workstation.nft: remove unneeded semicolons
[config/nftables.git]
/
nftables-workstation.nft
diff --git
a/nftables-workstation.nft
b/nftables-workstation.nft
index
3f1f446
..
7261291
100644
(file)
--- a/
nftables-workstation.nft
+++ b/
nftables-workstation.nft
@@
-39,7
+39,7
@@
table inet filter {
}
chain input {
}
chain input {
- type filter hook input priority 0
;
+ type filter hook input priority 0
ct state established,related accept
ct state invalid drop
ct state established,related accept
ct state invalid drop
@@
-75,7
+75,8
@@
table inet filter {
} ip6 hoplimit 255 accept
# Allow multicast listener discovery on link-local addresses.
} ip6 hoplimit 255 accept
# Allow multicast listener discovery on link-local addresses.
- ip6 nexthdr ipv6-icmp icmpv6 type {
+ # RFC2710 specifies that a Hop-by-Hop Options header is used.
+ hbh nexthdr ipv6-icmp icmpv6 type {
mld-listener-query,
mld-listener-report,
mld-listener-reduction
mld-listener-query,
mld-listener-report,
mld-listener-reduction
@@
-122,13
+123,13
@@
table inet filter {
}
chain forward {
}
chain forward {
- type filter hook forward priority 0
;
+ type filter hook forward priority 0
limit rate 3/minute burst 10 packets log prefix "[FORWARD]: "
counter reject
}
chain output {
limit rate 3/minute burst 10 packets log prefix "[FORWARD]: "
counter reject
}
chain output {
- type filter hook output priority 0
;
+ type filter hook output priority 0
counter accept
}
}
counter accept
}
}