diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 22:15:25 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 22:15:25 +0100 |
| commit | e685f060bd7796e1f962eec6ebf40452f59b6306 (patch) | |
| tree | 6edb047332709042c0cd13e4b5380ceeee09d74d | |
| parent | a19791ff99b86e4a913ebc25c5f3048c451a2b88 (diff) | |
| download | nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.gz nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.bz2 nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.xz nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.zip | |
vidhar: nftables...
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index fec7b536..85094647 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
| @@ -9,6 +9,9 @@ table inet filter { | |||
| 9 | policy drop | 9 | policy drop |
| 10 | 10 | ||
| 11 | 11 | ||
| 12 | ct state invalid counter drop | ||
| 13 | |||
| 14 | |||
| 12 | iifname eno1 oifname dsl counter accept | 15 | iifname eno1 oifname dsl counter accept |
| 13 | iifname dsl oifname eno1 ct state {established, related} counter accept | 16 | iifname dsl oifname eno1 ct state {established, related} counter accept |
| 14 | 17 | ||
| @@ -31,6 +34,9 @@ table inet filter { | |||
| 31 | policy drop | 34 | policy drop |
| 32 | 35 | ||
| 33 | 36 | ||
| 37 | ct state invalid counter drop | ||
| 38 | |||
| 39 | |||
| 34 | iifname lo counter accept | 40 | iifname lo counter accept |
| 35 | iif != lo ip daddr 127.0.0.1/8 counter reject | 41 | iif != lo ip daddr 127.0.0.1/8 counter reject |
| 36 | iif != lo ip6 daddr ::1/128 counter reject | 42 | iif != lo ip6 daddr ::1/128 counter reject |