From 196c1403e697df4cc3aff783a418282d2c6c5438 Mon Sep 17 00:00:00 2001
From: Patrik Lundin <patlu@sunet.se>
Date: Wed, 30 Oct 2024 09:25:12 +0100
Subject: [PATCH] Allow decapsulated ip6ip6 packets

---
 global/overlay/etc/puppet/modules/cdn/manifests/cache.pp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
index 807156e..0fe3684 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
@@ -122,6 +122,9 @@ class cdn::cache(
   sunet::nftables::rule { 'sunet_cdn_service4':
     rule => 'add rule inet filter input meta iifname tunl0 ip daddr 188.240.152.0/24 tcp dport { 80, 443 } counter accept comment "sunet-cdn-service4"'
   }
+  sunet::nftables::rule { 'sunet_cdn_service6':
+    rule => 'add rule inet filter input meta iifname ip6tnl0 ip6 daddr 2001:6b0:2100::/48 tcp dport { 80, 443 } counter accept comment "sunet-cdn-service6"'
+  }
 
   if $cache_secrets {
     $customers.each |String $customer, Integer $customer_uid| {