disable services on IPv6 for discussion forum

2024-06-20 11:22:09 +00:00 · 2023-12-22 17:45:10 -05:00 · 2023-12-22 17:45:10 -05:00 · 15a2fa132f
commit 15a2fa132f
parent 8bfec062dc
1 changed files with 2 additions and 1 deletions
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@ -25,7 +25,8 @@ table inet filter {

        iif lo accept
        tcp dport {22, 80, 443} ip daddr {{ipv4_address}} accept
-        tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept
+        # IPv6 interacts badly with IP-based spam filtering
+        #tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept
        meta l4proto {icmp, ipv6-icmp} accept

        ct state vmap { invalid : drop, established : accept, related : accept }