From 2c36defc836b2331daefdd67a26a3230e23a2330 Mon Sep 17 00:00:00 2001
From: User
Date: Fri, 8 Sep 2023 10:11:57 +0200
Subject: [PATCH] remove rp_filter unicast limitation + nat only unicast

---
 firewall.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/firewall.py b/firewall.py
index 926ea70..ee92918 100755
--- a/firewall.py
+++ b/firewall.py
@@ -356,14 +356,8 @@ def parse_reverse_path_filter(rpf: ReversePathFilter) -> nft.Table:
 right=False,
 )
 
- rule_pkttype = nft.Match(
- op="==",
- left=nft.Meta("pkttype"),
- right="host",
- )
-
 chain_filter.rules.append(
- nft.Rule([rule_iifname, rule_fib, rule_pkttype, nft.Verdict("drop")])
+ nft.Rule([rule_iifname, rule_fib, nft.Verdict("drop")])
 )
 
 # Resulting table
@@ -582,6 +576,12 @@ def parse_nat(nat: list[Nat], zones: Zones) -> nft.Table:
 )
 )
 
+ rule.stmts.append(nft.Match(
+ op="==",
+ left=nft.Fib(flags=["daddr"], result="type"),
+ right="unicast",
+ ))
+
 rule.stmts.append(
 nft.Snat(
 addr=entry.snat.addr,
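Review bot: Removing the `meta pkttype host` match widens the reverse-path drop in parse_reverse_path_filter to broadcast and multicast packets, and nothing in the hunk or the commit message records what that does to traffic whose source has no route, the usual example being a DHCP client sending from 0.0.0.0. Whether such packets now hit the drop depends on how `rule_fib` is built, which is above the hunk, so it is worth confirming with a DHCP client behind this filter and stating the decision next to the append, e.g. `# Applies to every pkttype: broadcast/multicast with an unroutable source (e.g. DHCP from 0.0.0.0) is dropped as well.` parse_reverse_path_filter continues on both sides of the hunk.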
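Review bot: The new `rule.stmts.append(nft.Match(` … `))` in parse_nat is written in a compact one-call form while the `rule.stmts.append(` / `nft.Snat(` directly below puts the constructor on its own line, so the two appends read differently for no reason; building the match as a named `rule_unicast = nft.Match(...)` and appending it keeps the file's layout. The intent is also undocumented: a one-line comment such as `# Restrict SNAT to unicast destinations; broadcast/multicast traffic is left untouched.` would tell the next reader why the fib lookup is there. Whether any non-unicast destination could otherwise reach this rule depends on the enclosing loop, which starts outside the hunk, and parse_nat continues past it.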