summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-12-13 21:07:41 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-13 21:07:41 +0100
commit58207bb276aec3e1c2acc7c6fcbb137b6c654f97 (patch)
tree7016805a57f53d73a2c95ab5720adc1c5b90a948
parentf45049f99883b780199a3197e3cbe269e91ca8b2 (diff)
downloadnixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar
nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar.gz
nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar.bz2
nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar.xz
nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.zip
surtr: nftables...
Diffstat
-rw-r--r--hosts/surtr/ruleset.nft11
1 files changed, 3 insertions, 8 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index f353d855..0a6e75a6 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -1,19 +1,15 @@
1define icmp_protos = { ipv6-icmp, icmp, igmp } 1define icmp_protos = { ipv6-icmp, icmp, igmp }
2 2
3table arp filter { 3table arp filter {
4 limit lim_arp_local { 4 limit lim_arp {
5 rate over 50 mbytes/second burst 50 mbytes 5 rate over 50 mbytes/second burst 50 mbytes
6 } 6 }
7 limit lim_arp_dsl {
8 rate over 1400 kbytes/second burst 1400 kbytes
9 }
10 7
11 chain input { 8 chain input {
12 type filter hook input priority filter 9 type filter hook input priority filter
13 policy accept 10 policy accept
14 11
15 iifname != dsl limit name lim_arp_local counter drop 12 limit name lim_arp counter drop
16 iifname dsl limit name lim_arp_dsl counter drop
17 13
18 counter 14 counter
19 } 15 }
@@ -22,8 +18,7 @@ table arp filter {
22 type filter hook output priority filter 18 type filter hook output priority filter
23 policy accept 19 policy accept
24 20
25 oifname != dsl limit name lim_arp_local counter drop 21 limit name lim_arp counter drop
26 oifname dsl limit name lim_arp_dsl counter drop
27 22
28 counter 23 counter
29 } 24 }
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-24 22:01:42 +0000