From ff14b623de865a6c7387a64479b5f5ab58b03097 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?=
Date: Fri, 24 Dec 2021 14:33:12 +0100
Subject: [PATCH] Simplified nftables rules

---
 packer/rootfs/etc/nftables.conf | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/packer/rootfs/etc/nftables.conf b/packer/rootfs/etc/nftables.conf
index e16a5de..ceb2b26 100644
--- a/packer/rootfs/etc/nftables.conf
+++ b/packer/rootfs/etc/nftables.conf
@@ -13,12 +13,9 @@ table inet filter {
 		# Accept traffic originated from us.
 		ct state { established, related } accept;
 
-		# Accept neighbour discovery otherwise IPv6 connectivity breaks.
-		ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept;
-
-		# Accept all ICMP types.
-		ip protocol icmp accept;
-		ip6 nexthdr icmpv6 accept;
+		# Accept ICMP and ICMPv6 traffic.
+		meta l4proto icmp accept;
+		meta l4proto ipv6-icmp accept;
 
 		# Accept SSH traffic.
 		tcp dport 122 accept;
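Review bot: The new comment above the two `meta l4proto` rules drops the rationale the deleted lines carried — that ICMPv6 neighbour discovery and router advertisements must be accepted or IPv6 connectivity breaks — so anyone later narrowing these accept-all rules has no hint of what must stay; suggest `# Accept ICMP and ICMPv6 traffic (ICMPv6 neighbour discovery is required for IPv6 connectivity).`. Both rules still accept every ICMP/ICMPv6 type with no `limit rate`, as the removed rules did, so this is unchanged exposure rather than a regression, but if only specific types are intended the narrower form would be `icmp type { ... } accept` / `icmpv6 type { ... } accept` listing the ND types plus echo-request. As far as I understand nftables, `meta l4proto` matches the transport protocol after IPv6 extension headers are skipped, whereas `ip6 nexthdr` only inspected the immediate next-header field, so the new form is if anything more complete. The enclosing `table inet filter` / chain block starts and ends outside the hunk.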