From 5fb605231d8e635be4819b0c4a2623b6028b03d0 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 5 Nov 2023 21:48:25 +0000
Subject: [PATCH] Allow pings to ingress

This makes testing connections much simpler
---
 ansible/roles/ingress/files/nftables.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ansible/roles/ingress/files/nftables.conf b/ansible/roles/ingress/files/nftables.conf
index 436cd74..c7d340f 100644
--- a/ansible/roles/ingress/files/nftables.conf
+++ b/ansible/roles/ingress/files/nftables.conf
@@ -11,6 +11,10 @@ table inet filter {
 
         iif lo accept
 
+        # Allow ICMP (pings)
+        ip protocol icmp accept
+        meta l4proto icmpv6 accept
+
         tcp dport {http, https, {{ ssh_port }}, 8443, 8448} accept
 
         # Allow nebula