authorPatrick Spek <p.spek@tyil.nl>2024-02-28 09:58:37 +0100
committerPatrick Spek <p.spek@tyil.nl>2024-02-28 09:58:37 +0100
commitd12b470c4fa50fe72efd1957c0289040eb372c6c (patch)
treeb54c9c0a7f38fee0ca097c653a69a74e8dc87a26
parent9f8a44dba245d45b5046c555df4d6c9bfd87c941 (diff)
Update nftable's icmp rules
-rw-r--r--playbooks.d/fw-nftables/playbook.bash14
1 files changed, 10 insertions, 4 deletions
diff --git a/playbooks.d/fw-nftables/playbook.bash b/playbooks.d/fw-nftables/playbook.bash
index 1e52680..c0b366c 100644
--- a/playbooks.d/fw-nftables/playbook.bash
+++ b/playbooks.d/fw-nftables/playbook.bash
@@ -38,12 +38,18 @@ playbook_sync() {
# Add ICMP rules
info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for ICMP"
printf "\n"
- printf "\t\tip protocol icmp icmp type echo-request" \ # IPv4
- printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"
+ printf "\t\tmeta l4proto icmp" \ # IPv4
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"
+ fi
printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.policy" "accept")"
printf ";\n"
- printf "\t\tip6 nexthdr icmpv6 icmpv6 type echo-request" \ # IPv6
- printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate" "2/second")"
+ printf "\t\tmeta l4proto ipv6-icmp" \ # IPv6
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate")"
+ fi
printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.policy" "accept")"
printf ";\n"
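Review bot: Dropping the `icmp type echo-request` / `icmpv6 type echo-request` selectors from the two new `meta l4proto` lines widens both rules from pings to every ICMP type, so a configured `input.icmp.ipv6.rate` now throttles neighbour/router discovery and packet-too-big messages together with echo requests (which can break IPv6 connectivity and PMTU discovery), and with no rate configured the default moves from 2/second on echo-request to unlimited accept of all ICMP. If the goal is only to make the limit optional, keep the type selector, e.g. `printf "\t\tmeta l4proto ipv6-icmp icmpv6 type echo-request" \ # IPv6`, or carve neighbour-discovery types out of the limited rule. The IPv4 branch still passes a `"2/second"` default inside the guard, which can never apply because the guard only enters when the value is non-empty, while the IPv6 branch drops it; make them consistent with `printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate")"`. The pre-existing `\ # IPv4` continuation also hands printf a stray single-space argument (harmless only because the format has no conversions). playbook_sync begins before this hunk and, going by the hunk header counts, at least one context line of it is not visible here.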