From b30f6db0796652d6791b1913fe23a54b0bc54f49 Mon Sep 17 00:00:00 2001
From: adamluk
Date: Mon, 12 Mar 2018 15:51:34 +0000
Subject: [PATCH] Update rules.v6.j2 (#818)

Updated to use -m conntrack for consistency as per the other IPv6 rules.
---
 roles/vpn/templates/rules.v6.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/vpn/templates/rules.v6.j2 b/roles/vpn/templates/rules.v6.j2
index 640f6d2..717b887 100644
--- a/roles/vpn/templates/rules.v6.j2
+++ b/roles/vpn/templates/rules.v6.j2
@@ -32,7 +32,7 @@ COMMIT
 -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
 -A INPUT -p icmpv6 --icmpv6-type redirect -m hl --hl-eq 255 -j ACCEPT
 # DHCP in AWS
--A INPUT -m state --state NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
 # TODO:
 # The IP of the resolver should be bound to a DUMMY interface.
 # DUMMY interfaces are the proper way to install IPs without assigning them any
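Review bot: The DHCPv6 rule on the changed line matches only on destination (`--dport 546 -d fe80::/64`), so it accepts a NEW UDP flow to the client port from any source address and source port. If the intent is only to admit replies from the link's DHCPv6 server or relay, consider also constraining the source, for example `-A INPUT -s fe80::/10 -d fe80::/64 -p udp -m udp --sport 547 --dport 546 -m conntrack --ctstate NEW -j ACCEPT`. This assumes the AWS DHCPv6 replies arrive from a link-local address on port 547, which should be confirmed against observed traffic before tightening. The comment `# DHCP in AWS` would also be clearer as `# DHCPv6 client replies (UDP 546, link-local) - needed on AWS`. The INPUT chain continues outside the hunk, so the rule's interaction with the default policy is not visible here.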