From 5cb62c1ca3d26d2682751d535e72925ba6699b4b Mon Sep 17 00:00:00 2001 From: NaeiKinDus Date: Wed, 26 Feb 2025 00:00:00 +0000 Subject: [PATCH] fix(k3s): fixed invalid ip6 FW rule --- .../roles/k3s/templates/nftables.d/k3s_servers.nft.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible_collections/nullified/infrastructure/roles/k3s/templates/nftables.d/k3s_servers.nft.j2 b/ansible_collections/nullified/infrastructure/roles/k3s/templates/nftables.d/k3s_servers.nft.j2 index cf04da6..cfd6f2f 100644 --- a/ansible_collections/nullified/infrastructure/roles/k3s/templates/nftables.d/k3s_servers.nft.j2 +++ b/ansible_collections/nullified/infrastructure/roles/k3s/templates/nftables.d/k3s_servers.nft.j2 @@ -3,7 +3,7 @@ table inet filter { chain input { # operators access {%+ if k3s_nft_operators4 %}ip saddr { {{ k3s_nft_operators4 | join(', ') }} } tcp dport { 6443 } accept{%- endif +%} - {%+ if k3s_nft_operators6 %}ip saddr { {{ k3s_nft_operators6 | join(', ') }} } tcp dport { 6443 } accept{%- endif +%} + {%+ if k3s_nft_operators6 %}ip6 saddr { {{ k3s_nft_operators6 | join(', ') }} } tcp dport { 6443 } accept{%- endif +%} # required only for HA with embedded etcd {%+ if k3s_nft_servers4 %}ip saddr { {{ k3s_nft_servers4 | join(',') }} } tcp dport { 2379, 2380 } accept{%- endif +%}
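Review bot: Nothing on the corrected `ip6 saddr` line checks that the entries of `k3s_nft_operators6` are IPv6 addresses, so an IPv4 or malformed entry in that list would produce the same kind of family/type mismatch this commit fixes, and nft would reject the rendered file. The task that deploys this template is not part of the patch; if it has no validation step, and if this fragment can be parsed on its own, consider `validate: nft -c -f %s` on it so that a ruleset which does not parse is never installed on a server. A short comment above the two operator rules would document the contract, for example `# k3s_nft_operators4: IPv4 addresses/prefixes only; k3s_nft_operators6: IPv6 only`. The `chain input` block continues past the end of the hunk, so the server and agent rules below may deserve the same check.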