From 9d291d54f4218ec6b74fd0bb0ec8ac49293d4ab3 Mon Sep 17 00:00:00 2001
From: kunsi <voc@kunsmann.eu>
Date: Mon, 23 Sep 2024 18:10:28 +0200
Subject: [PATCH] bw/bundles/nftables: improve handling for icmp

---
 bundlewrap/bundles/nftables/files/nftables.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/bundlewrap/bundles/nftables/files/nftables.conf b/bundlewrap/bundles/nftables/files/nftables.conf
index 96635805..a2f5c053 100644
--- a/bundlewrap/bundles/nftables/files/nftables.conf
+++ b/bundlewrap/bundles/nftables/files/nftables.conf
@@ -16,9 +16,8 @@ table inet filter {
 
         icmp type timestamp-request drop
         icmp type timestamp-reply drop
-        ip protocol icmp accept
+        meta l4proto {icmp, ipv6-icmp} accept
 
-        ip6 nexthdr ipv6-icmp accept
 % for ruleset, rules in sorted(input.items()):
 
         # ${ruleset}