| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-14 09:13:33 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-14 09:13:33 +0100 |
| commit | 111d4765d2a3cd55f7eaaf6e011f6d09b8395afb (patch) | |
| tree | 067acf8b312acdf704f2578592098b98cd8801b0 | |
| parent | 200b266d03961861069defeef963ac6501ff77f7 (diff) | |
nftables: ...
| -rw-r--r-- | hosts/surtr/ruleset.nft | 4 | ||||
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 4 |
2 files changed, 6 insertions, 2 deletions
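--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -73,9 +73,11 @@ table inet filter {
 meta l4proto $icmp_protos counter accept
 
 tcp dport 22 counter accept
+udp dport 60001-61000 counter accept
+
 meta protocol ip udp dport 51820 counter accept
 meta protocol ip6 udp dport 51821 counter accept
-udp dport 60001-61000 counter accept
+iifname "yggdrasil-wg-*" meta l4proto gre counter accept
 
 tcp dport 53 counter accept
 udp dport 53 counter accept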
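Review bot: The added `iifname "yggdrasil-wg-*" meta l4proto gre counter accept` rule (the same line is added in hosts/vidhar/ruleset.nft) accepts GRE from every peer behind any interface whose name starts with `yggdrasil-wg-`, with no source-address match. GRE carries no authentication of its own, so the WireGuard peer set is the only thing limiting who can send encapsulated traffic to this host. If only specific endpoints terminate tunnels, consider narrowing the rule with a source match against a defined set, e.g. `iifname "yggdrasil-wg-*" ip6 saddr $gre_peers meta l4proto gre counter accept`, where `$gre_peers` is a placeholder for a define this page does not show and the address family is assumed. Decapsulated packets will presumably re-enter the ruleset on the GRE interface, so it is worth confirming that interface is filtered as intended. The enclosing chain starts and ends outside the hunk, so its policy is not visible here. A short comment such as `# GRE tunnel, only accepted when carried inside WireGuard` would record the intent that the commit title "nftables: ..." does not.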
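--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -89,9 +89,11 @@ table inet filter {
 meta l4proto $icmp_protos counter accept
 
 tcp dport 22 counter accept
-meta protocol ip udp dport 51820 counter accept
 udp dport 60001-61000 counter accept
 
+meta protocol ip udp dport 51820 counter accept
+iifname "yggdrasil-wg-*" meta l4proto gre counter accept
+
 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept
 
 ct state {established, related} counter accept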
