From 423049667fa765c28d0c01ab04f7de26dce6edfa Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Mon, 23 Sep 2024 18:09:49 +0200
Subject: [PATCH] bundles/nftables: improve handling for icmp

---
 bundles/nftables/files/nftables.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/bundles/nftables/files/nftables.conf b/bundles/nftables/files/nftables.conf
index c39e8be..56fba34 100644
--- a/bundles/nftables/files/nftables.conf
+++ b/bundles/nftables/files/nftables.conf
@@ -23,9 +23,8 @@ table inet filter {
 
         icmp type timestamp-request drop
         icmp type timestamp-reply drop
-        ip protocol icmp accept
+        meta l4proto {icmp, ipv6-icmp} accept
 
-        ip6 nexthdr ipv6-icmp accept
 % for ruleset, rules in sorted(input.items()):
 
         # ${ruleset}