# Host-specific configuration for nft-fw.
# This file is read by /usr/local/sbin/fw-apply.
#
# Syntax: shell KEY=VALUE
# Values "true/false" are parsed case-insensitively.

# Interfaces / networks
EXT_IF=eth0
PRIV_IF=enp7s0
PRIV_NET=172.20.0.0/21

# Feature toggles
ALLOW_SSH_PUBLIC_IN=true
ALLOW_APT_PUBLIC_OUT=true

# ICMP toggles
ALLOW_ICMP4_PUBLIC=true
ALLOW_ICMP6_PUBLIC=true

# Force ICMPv6 essential types when EXT_IF is "in use" (SSH or APT enabled)
FORCE_ICMP6_ESSENTIAL=true