summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-01-13 23:30:46 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-13 23:30:46 +0100
commit0bfb4903b649f70fbbffd2ec57bfe5114b612685 (patch)
tree81d4f2b79dc11fc29c09f08a444313319836c19d
parent6e7b9a0d1949bcec4848f1316cdf85b007978e37 (diff)
downloadnixos-0bfb4903b649f70fbbffd2ec57bfe5114b612685.tar
nixos-0bfb4903b649f70fbbffd2ec57bfe5114b612685.tar.gz
nixos-0bfb4903b649f70fbbffd2ec57bfe5114b612685.tar.bz2
nixos-0bfb4903b649f70fbbffd2ec57bfe5114b612685.tar.xz
nixos-0bfb4903b649f70fbbffd2ec57bfe5114b612685.zip
vidhar: ...
-rw-r--r--hosts/vidhar/network/ruleset.nft17
1 files changed, 17 insertions, 0 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index c4c2fbe6..901ecb4f 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -248,11 +248,28 @@ table bridge filter {
248 policy drop 248 policy drop
249 249
250 250
251 log level debug prefix "bridge forward: "
252
253
251 ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop 254 ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop
252 255
253 iifname "wifibh01.lan" counter name wifibh-fw accept 256 iifname "wifibh01.lan" counter name wifibh-fw accept
254 iifname "eno2.lan" counter name lan-fw accept 257 iifname "eno2.lan" counter name lan-fw accept
255 } 258 }
259
260 chain input {
261 type filter hook input priority filter
262 policy accept
263
264 log level debug prefix "bridge input: "
265 }
266
267 chain output {
268 type filter hook output priority filter
269 policy accept
270
271 log level debug prefix "bridge output: "
272 }
256} 273}
257 274
258table ip nat { 275table ip nat {