# {{ ansible_managed }}
# Allow container forwarding through base's default-deny forward chain (ADR-025 / FRICTION
# 2026-06-17 #1). These rules are appended to base's `table inet filter` / `chain forward`
# via the /etc/nftables.d/*.nft include and are loaded by nftables.service at boot, which is
# exactly when the bug occurred: on reboot the default-deny forward chain loaded before dockerd.
# Adds rules to `chain forward` in `table inet filter`. The chain is declared here without a
# `type ... hook ... policy` line, so the hook and the default-deny behaviour have to come from
# the base chain defined elsewhere; the rules below are added after whatever that chain holds.
# NOTE(review): if base ends its chain with an explicit `drop` rule rather than `policy drop`,
# these accepts would sit behind it and never match. Confirm against base.
table inet filter {
    chain forward {
        # Packets that belong to, or are related to, an already-tracked connection.
        ct state established,related accept

        # Default Docker bridge: anything forwarded from docker0, towards any output interface.
        iifname "docker0" accept
        # Anything forwarded to docker0, from any input interface and in any conntrack state,
        # so this chain places no port or source restriction on new connections to containers.
        # NOTE(review): presumably that filtering is left to Docker's own forward rules (an
        # accept here does not stop another base chain on the same hook from dropping the
        # packet). Confirm Docker's rule management is enabled on these hosts.
        oifname "docker0" accept

        # The trailing `*` is a name-prefix match: every interface whose name starts with
        # "br-", in both directions.
        # NOTE(review): looks intended for Docker's user-defined bridge networks, but it also
        # covers any non-Docker interface named br-... on the host. Verify none exist, or
        # narrow the match.
        iifname "br-*" accept
        oifname "br-*" accept
    }
}