From d12b470c4fa50fe72efd1957c0289040eb372c6c Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Wed, 28 Feb 2024 09:58:37 +0100
Subject: Update nftable's icmp rules
---
 playbooks.d/fw-nftables/playbook.bash | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/playbooks.d/fw-nftables/playbook.bash b/playbooks.d/fw-nftables/playbook.bash
index 1e52680..c0b366c 100644
--- a/playbooks.d/fw-nftables/playbook.bash
+++ b/playbooks.d/fw-nftables/playbook.bash
@@ -38,12 +38,18 @@ playbook_sync() {
 # Add ICMP rules
 info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for ICMP"
 printf "\n"
- printf "\t\tip protocol icmp icmp type echo-request" \ # IPv4
- printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"
+ printf "\t\tmeta l4proto icmp" \ # IPv4
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"
+ fi
 printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.policy" "accept")"
 printf ";\n"
- printf "\t\tip6 nexthdr icmpv6 icmpv6 type echo-request" \ # IPv6
- printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate" "2/second")"
+ printf "\t\tmeta l4proto ipv6-icmp" \ # IPv6
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate")"
+ fi
 printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.policy" "accept")"
 printf ";\n"
--
cgit v1.1
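Review bot: The new `if [[ "$(config "...rate" "")" != "" ]]` guards make the ICMP rate limit opt-in, so any host without an `input.icmp.ipv4.rate` / `ipv6.rate` key silently loses the `2/second` limit it had before, at the same moment the match widens from `icmp type echo-request` to every ICMP and ICMPv6 type; the inner `"2/second"` default on the IPv4 printf is now unreachable (the guard only passes when the same key is already non-empty) and the IPv6 branch has no default at all, so the two branches disagree. If opt-in is the intent, drop the dead default and state the new default in the commit message; if the old limit was meant to survive, read the value once with its default and only omit the clause when it is explicitly empty, e.g. `rate="$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"` followed by `[[ -n "$rate" ]] && printf " limit rate %s" "$rate"` (same for IPv6) — whether `config` returns the default for an empty value I cannot tell from here. Accepting all ICMPv6 types is what neighbour discovery needs, but for IPv4 a one-line comment such as `# all ICMP types are accepted here; rate-limit via input.icmp.ipv4.rate` would tell the next reader the echo-request restriction was dropped on purpose. The `\ # IPv4` after each leading printf is not a line continuation: bash passes the escaped space as an extra argument that printf ignores and treats `# IPv4` as a comment (ShellCheck flags this), so a plain `# IPv4` comment on its own line says the same thing without the trap. playbook_sync's body starts and ends outside the hunk.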