author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 18:09:53 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 18:09:53 +0100 |
commit | 3f8919adb786778c48ee6dc93a4b835414fb2758 (patch) | |
tree | 0027bc847ba4595f68a122b99c3f95c5c6a2eae9 | |
parent | 2341daf6a9c9a035c8a2ace73f7573e24b0f60b2 (diff) | |
vidhar: nftables...
-rw-r--r-- | hosts/vidhar/ruleset.nft | 11 |
1 files changed, 4 insertions, 7 deletions
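--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -4,17 +4,15 @@ table inet filter {
 policy drop
 
 
-iifname eno1 counter accept
-
-ct state {established, related} counter accept
+iifname eno1 oifname dsl counter accept
+iifname dsl oifname eno1 ct state {established, related} counter accept
 
 meta l4proto ipv6-icmp counter accept
 meta l4proto icmp counter accept
 meta l4proto igmp counter accept
 
 
-log prefix "drop forward: "
-counter
+log prefix "drop forward: " counter
 }
 
 chain input {
@@ -36,8 +34,7 @@ table inet filter {
 meta l4proto icmp counter accept
 meta l4proto igmp counter accept
 
-log prefix "drop input: "
-counter
+log prefix "drop input: " counter
 }
 
 chain output {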
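Review bot: In the first hunk, the three `meta l4proto ... counter accept` rules after the new interface-pair rules still match on any input and output interface, so unsolicited ICMP, ICMPv6 and IGMP arriving on `dsl` are forwarded even though all other traffic from that side now needs `ct state {established, related}`. ICMP errors that belong to tracked flows are already admitted by `related`, so the blanket accepts mainly add unsolicited traffic such as echo requests. If that is not intended, scope them like the rule above, e.g. `iifname eno1 oifname dsl meta l4proto { icmp, ipv6-icmp } counter accept`, and list any inbound types you do want explicitly with an `icmpv6 type { ... }` / `icmp type { ... }` match. This assumes the chain is the forward chain and `dsl` is the upstream link, which the log prefix and interface names suggest but the hunk does not show, since the chain header lies above it.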