-rw-r--r--inventory/host_vars/ch-jump.yml5
1 files changed, 3 insertions, 2 deletions
diff --git a/inventory/host_vars/ch-jump.yml b/inventory/host_vars/ch-jump.yml
index ab03c1a4..8873864b 100644
--- a/inventory/host_vars/ch-jump.yml
+++ b/inventory/host_vars/ch-jump.yml
@@ -53,10 +53,11 @@ sshd_jump_users:
nftables_base_rules:
public-services: |
- table ip filter {
+ table inet filter {
chain sshd-jump {
type filter hook output priority filter;
ct state vmap { established: accept, related: accept, invalid: drop }
- skuid c3voc ip daddr != { {{ network_zones.c3voc.prefix }} } reject
+ skuid c3voc ip daddr != { {{ network_zones.c3voc.prefix }} } reject with icmp type admin-prohibited
+ # skuid c3voc ip6 daddr != { } reject with icmpv6 type admin-prohibited
}
}
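Review bot: With the `ip6 daddr` rule on the last added line left commented out, nothing in `sshd-jump` limits IPv6 output for `skuid c3voc`. The chain declares no policy, so it defaults to accept, and the only enforcing rule matches `ip daddr` alone. If this host has IPv6 connectivity, the restriction to `network_zones.c3voc.prefix` does not hold for v6 destinations. Until a v6 prefix is defined, I would fail closed by replacing the commented placeholder with `skuid c3voc meta nfproto ipv6 reject with icmpv6 type admin-prohibited`. Other entries under `nftables_base_rules` outside this hunk may already cover this, so please confirm.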