From 1739b9b8a191775edef777d1c477a594688b5b97 Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 13 Feb 2026 01:47:52 +0100
Subject: [PATCH] roles/base/network/files
---
 roles/base/network/files/default/nftables.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/base/network/files/default/nftables.conf b/roles/base/network/files/default/nftables.conf
index 9da233d..bdfcd74 100644
--- a/roles/base/network/files/default/nftables.conf
+++ b/roles/base/network/files/default/nftables.conf
@@ -17,7 +17,7 @@ table inet filter {
 # # accept any inside traffic. # iifname "lo" counter accept #
-# # accept all other traffic, by policy.
+# # filter stuff here before it hits conntrack.
 # } chain PRE {
@@ -38,7 +38,7 @@ table inet filter {
 ct state new meta mark set 10 ct mark set meta mark # accept neighbour discovery otherwise IPv6 connectivity breaks.
- ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, nd-router-solicit } counter accept
+ ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, nd-router-solicit, echo-request } counter accept
 ip6 nexthdr udp udp dport 546 counter accept ip protocol icmp icmp type { echo-request } counter accept
-- 
2.47.3
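Review bot: In the second hunk, echo-request is folded into the rule whose comment still reads "accept neighbour discovery otherwise IPv6 connectivity breaks", so the comment no longer describes the set and ping is now accepted with no rate limit alongside the ND types. Keeping the ND rule as it was and adding a separate line, e.g. `ip6 nexthdr icmpv6 icmpv6 type echo-request limit rate 10/second counter accept` with its own `# accept ping6, rate-limited.` comment (the rate is an example value), keeps the two policies independent, so a later tightening of the ND rule (such as a hop-limit 255 check) does not silently break ping. The enclosing chain starts and ends outside the hunk, so whether this rule is evaluated before conntrack, as the first hunk's new comment suggests, cannot be confirmed from here.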