ソースを参照

nftables: Allow OSPFv3 from link-local addresses, too.

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 3 年 前
コミット
843507256e
1 ファイル変更1 行追加1 行削除
  1. 1 1
      nftables/nftables.conf.tmpl

+ 1 - 1
nftables/nftables.conf.tmpl

@@ -92,7 +92,7 @@ table ip6 filter {
 		counter jump admin_access
 		tcp dport 22 counter jump ssh
 {%- if 'router' in roles %}
-		ip6 saddr fe80::/64 ip6 daddr { ff02::5, ff02::6 } meta l4proto ospf accept
+		ip6 saddr fe80::/64 ip6 daddr { fe80::/10, ff02::5, ff02::6 } meta l4proto ospf accept
 		tcp dport 179 counter jump bgp
 {%- endif %}
 		ct state related,established counter accept comment "Allow established connections."