diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-14 17:00:42 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-14 17:00:42 +0100 |
commit | 3d3f8c4721fd0c978243d365d7ac8eaea1124b17 (patch) | |
tree | 2e60e6cd5d3990ff51e59133c09678f877e4d934 | |
parent | 67ad77720622605af0ec366fb068d9c9da320231 (diff) | |
download | nixos-3d3f8c4721fd0c978243d365d7ac8eaea1124b17.tar nixos-3d3f8c4721fd0c978243d365d7ac8eaea1124b17.tar.gz nixos-3d3f8c4721fd0c978243d365d7ac8eaea1124b17.tar.bz2 nixos-3d3f8c4721fd0c978243d365d7ac8eaea1124b17.tar.xz nixos-3d3f8c4721fd0c978243d365d7ac8eaea1124b17.zip |
installer: allow input
-rw-r--r-- | installer/ruleset.nft | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/installer/ruleset.nft b/installer/ruleset.nft index 4de54dd7..803ce9fd 100644 --- a/installer/ruleset.nft +++ b/installer/ruleset.nft | |||
@@ -73,6 +73,9 @@ table inet filter { | |||
73 | udp dport 60000-61000 counter accept | 73 | udp dport 60000-61000 counter accept |
74 | 74 | ||
75 | 75 | ||
76 | ct state {established, related} counter name established-rx accept | ||
77 | |||
78 | |||
76 | limit name lim_reject log level debug prefix "drop input: " counter drop | 79 | limit name lim_reject log level debug prefix "drop input: " counter drop |
77 | log level debug prefix "reject input: " counter | 80 | log level debug prefix "reject input: " counter |
78 | meta l4proto tcp ct state new counter reject with tcp reset | 81 | meta l4proto tcp ct state new counter reject with tcp reset |