From ee683f22029518227f8e86850f9678eafd13f4b8 Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Mon, 31 Mar 2025 23:03:24 +0100
Subject: [PATCH] firewall: fix syntax of icmp v4 rule

---
 modules/firewall/service.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/firewall/service.nix b/modules/firewall/service.nix
index 2b88b73..c64e09f 100644
--- a/modules/firewall/service.nix
+++ b/modules/firewall/service.nix
@@ -72,7 +72,7 @@ let
                 local n = output(s, "ifname");
                 local bw = output(s, "bandwidth");
                 if n and bw then
-                  return "icmp iifname ".. n .. " limit rate over " .. (math.floor (tonumber(bw) / 8 / 20)) .. " bytes/second drop"
+                  return "meta l4proto icmp iifname ".. n .. " limit rate over " .. (math.floor (tonumber(bw) / 8 / 20)) .. " bytes/second drop"
                 else
                   return "# " .. (n or "not n") .. " " .. (bw or "not bw")
                 end