| William A. Kennington III | afe167d | 2021-02-08 20:07:49 -0800 | [diff] [blame^] | 1 | table inet filter { |
| 2 | chain ncsi_input { | ||||
| 3 | type filter hook input priority 0; policy drop; | ||||
| 4 | iifname != @NCSI_IF@ accept | ||||
| 5 | ct state established accept | ||||
| 6 | tcp dport 3959 accept | ||||
| 7 | udp dport 3959 accept | ||||
| 8 | tcp dport 3967 accept | ||||
| 9 | udp dport 3967 accept | ||||
| 10 | icmpv6 type nd-neighbor-advert accept | ||||
| 11 | icmpv6 type nd-neighbor-solicit accept | ||||
| 12 | icmpv6 type nd-router-advert accept | ||||
| 13 | } | ||||
| 14 | } | ||||