2019-09-10 22:09:01 +02:00
|
|
|
# Ensure nothing is forwarded onto WAN interface
|
2019-10-09 18:27:05 +02:00
|
|
|
if [ -n "$IF_WAN" ]; then
|
2022-12-18 13:46:03 +01:00
|
|
|
nft add table ip filter
|
|
|
|
nft add chain ip filter FORWARD '{ type filter hook forward priority filter; policy accept; }'
|
|
|
|
nft add table ip6 filter
|
|
|
|
nft add chain ip6 filter FORWARD '{ type filter hook forward priority filter; policy accept; }'
|
|
|
|
|
|
|
|
nft add rule ip filter FORWARD oifname "$IF_WAN" counter reject with icmp net-unreachable
|
|
|
|
nft add rule ip6 filter FORWARD oifname "$IF_WAN" counter reject with icmpv6 no-route
|
2019-10-09 18:27:05 +02:00
|
|
|
fi
|