authorGregor Kleen <gkleen@yggdrasil.li>2021-12-14 09:13:33 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-14 09:13:33 +0100
commit111d4765d2a3cd55f7eaaf6e011f6d09b8395afb (patch)
tree067acf8b312acdf704f2578592098b98cd8801b0
parent200b266d03961861069defeef963ac6501ff77f7 (diff)
nftables: ...
-rw-r--r--hosts/surtr/ruleset.nft4
-rw-r--r--hosts/vidhar/ruleset.nft4
2 files changed, 6 insertions, 2 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index a66d7193..cb41f1cf 100644
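--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -73,9 +73,11 @@ table inet filter {
 meta l4proto $icmp_protos counter accept
 
 tcp dport 22 counter accept
+udp dport 60001-61000 counter accept
+
 meta protocol ip udp dport 51820 counter accept
 meta protocol ip6 udp dport 51821 counter accept
-udp dport 60001-61000 counter accept
+iifname "yggdrasil-wg-*" meta l4proto gre counter accept
 
 tcp dport 53 counter accept
 udp dport 53 counter accept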
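Review bot: The new `iifname "yggdrasil-wg-*" meta l4proto gre counter accept` rule accepts GRE from any source address, over both IPv4 and IPv6 (the table is `inet`), on every interface whose name starts with `yggdrasil-wg-`. Its effective scope therefore rests on the WireGuard peers' allowed addresses and on nothing else ever creating an interface with that prefix. If only specific tunnel endpoints are expected, pin them in the rule, e.g. `iifname "yggdrasil-wg-*" ip6 saddr <PEER_ADDR_PLACEHOLDER> meta l4proto gre counter accept`, and add a comment naming what the GRE tunnel carries. Decapsulated packets will presumably be evaluated again with the GRE device as input interface, so confirm that the rest of the chain, which lies outside this hunk, filters that interface as intended. The same rule is added in hosts/vidhar/ruleset.nft.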
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index b9c672bc..d1689fd6 100644
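--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -89,9 +89,11 @@ table inet filter {
 meta l4proto $icmp_protos counter accept
 
 tcp dport 22 counter accept
-meta protocol ip udp dport 51820 counter accept
 udp dport 60001-61000 counter accept
 
+meta protocol ip udp dport 51820 counter accept
+iifname "yggdrasil-wg-*" meta l4proto gre counter accept
+
 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept
 
 ct state {established, related} counter accept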