11 lines
501 B
Plaintext
11 lines
501 B
Plaintext
# Ensure nothing is forwarded onto WAN interface
|
|
if [ -n "$IF_WAN" ]; then
|
|
nft add table ip filter
|
|
nft add chain ip filter FORWARD '{ type filter hook forward priority filter; policy accept; }'
|
|
nft add table ip6 filter
|
|
nft add chain ip6 filter FORWARD '{ type filter hook forward priority filter; policy accept; }'
|
|
|
|
nft add rule ip filter FORWARD oifname "$IF_WAN" counter reject with icmp net-unreachable
|
|
nft add rule ip6 filter FORWARD oifname "$IF_WAN" counter reject with icmpv6 no-route
|
|
fi
|