From 0ac67c38c3d79c883c9b8e6ab957adde20c5a104 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Sun, 24 Mar 2024 15:41:13 -0400
Subject: [PATCH] allow IPv6 SSH for discuss.grapheneos.org

This could be useful and disabling it isn't necessary for blocking IPv6 connections to the forum.
---
 nftables-discuss.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nftables-discuss.conf b/nftables-discuss.conf
index 536e6ae..ec612d8 100644
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@@ -15,7 +15,7 @@ table inet filter {
 fib daddr . iif type != { local, broadcast, multicast } counter drop
 # IPv6 interacts badly with IP-based spam filtering
- meta nfproto ipv6 tcp dport {22, 80, 443} reject with tcp reset
+ meta nfproto ipv6 tcp dport {80, 443} reject with tcp reset
 tcp dport {22, 80, 443} notrack accept
 meta l4proto {icmp, ipv6-icmp} notrack accept
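Review bot: The comment above the reject rule still gives only the spam-filtering reason, so nothing in the file records that port 22 is now deliberately left reachable over IPv6 and falls through to `tcp dport {22, 80, 443} notrack accept`. A short comment such as `# SSH stays reachable over IPv6; only the forum's web ports are reset` would stop a later edit from re-adding 22 or assuming it is still blocked. That accept rule is `notrack` and no rate limit is visible in the hunk, so any per-source throttling of SSH presumably lives in sshd or elsewhere; over IPv6 it is worth confirming that it keys on a prefix (for example a /64) rather than a single address. The chain continues outside the hunk, so rules not shown here may already cover this.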