summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-12-08 18:09:53 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-08 18:09:53 +0100
commit3f8919adb786778c48ee6dc93a4b835414fb2758 (patch)
tree0027bc847ba4595f68a122b99c3f95c5c6a2eae9
parent2341daf6a9c9a035c8a2ace73f7573e24b0f60b2 (diff)
downloadnixos-3f8919adb786778c48ee6dc93a4b835414fb2758.tar
nixos-3f8919adb786778c48ee6dc93a4b835414fb2758.tar.gz
nixos-3f8919adb786778c48ee6dc93a4b835414fb2758.tar.bz2
nixos-3f8919adb786778c48ee6dc93a4b835414fb2758.tar.xz
nixos-3f8919adb786778c48ee6dc93a4b835414fb2758.zip
vidhar: nftables...
-rw-r--r--hosts/vidhar/ruleset.nft11
1 files changed, 4 insertions, 7 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 8b143178..0c421beb 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -4,17 +4,15 @@ table inet filter {
4 policy drop 4 policy drop
5 5
6 6
7 iifname eno1 counter accept 7 iifname eno1 oifname dsl counter accept
8 8 iifname dsl oifname eno1 ct state {established, related} counter accept
9 ct state {established, related} counter accept
10 9
11 meta l4proto ipv6-icmp counter accept 10 meta l4proto ipv6-icmp counter accept
12 meta l4proto icmp counter accept 11 meta l4proto icmp counter accept
13 meta l4proto igmp counter accept 12 meta l4proto igmp counter accept
14 13
15 14
16 log prefix "drop forward: " 15 log prefix "drop forward: " counter
17 counter
18 } 16 }
19 17
20 chain input { 18 chain input {
@@ -36,8 +34,7 @@ table inet filter {
36 meta l4proto icmp counter accept 34 meta l4proto icmp counter accept
37 meta l4proto igmp counter accept 35 meta l4proto igmp counter accept
38 36
39 log prefix "drop input: " 37 log prefix "drop input: " counter
40 counter
41 } 38 }
42 39
43 chain output { 40 chain output {