vidhar: nftables...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-08 18:03:22 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-08 18:03:22 +0100
commit: e7af824df4d7bbc72695af4d7c25b6cbb4242b0c (patch)
tree: e654d73c08b35e07b4f353f9034b075d2388813e
parent: 8124337c5182b02e3057ebde1213050d4a714a0f (diff)
download: nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar
nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar.gz
nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar.bz2
nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar.xz
nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.zip
1 files changed, 13 insertions, 13 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index ae91af00..2e6c10b8 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -4,13 +4,13 @@ table inet filter {
    policy drop
-    iifname eno1 accept
+    iifname eno1 counter accept
-    ct state {established, related} accept
+    ct state {established, related} counter accept
-    meta l4proto ipv6-icmp accept
+    meta l4proto ipv6-icmp counter accept
-    meta l4proto icmp accept
+    meta l4proto icmp counter accept
-    meta l4proto igmp accept
+    meta l4proto igmp counter accept
    log prefix "drop forward:"
@@ -22,19 +22,19 @@ table inet filter {
    policy drop
-    iifname lo accept
+    iifname lo counter accept
    iif != lo ip daddr 127.0.0.1/8 counter drop
    iif != lo ip6 daddr ::1/128 counter drop
-    ct state {established, related} accept
+    ct state {established, related} counter accept
-    tcp dport 22 accept
+    tcp dport 22 counter accept
-    udp dport 51820 accept
+    udp dport 51820 counter accept
-    udp dport 60000-61000 accept
+    udp dport 60000-61000 counter accept
-    meta l4proto ipv6-icmp accept
+    meta l4proto ipv6-icmp counter accept
-    meta l4proto icmp accept
+    meta l4proto icmp counter accept
-    meta l4proto igmp accept
+    meta l4proto igmp counter accept
    log prefix "drop input:"
    counter
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-08 18:03:22 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-08 18:03:22 +0100
commit	e7af824df4d7bbc72695af4d7c25b6cbb4242b0c (patch)
tree	e654d73c08b35e07b4f353f9034b075d2388813e
parent	8124337c5182b02e3057ebde1213050d4a714a0f (diff)
download	nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar.gz nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar.bz2 nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.tar.xz nixos-e7af824df4d7bbc72695af4d7c25b6cbb4242b0c.zip

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index ae91af00..2e6c10b8 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft
@@ -4,13 +4,13 @@ table inet filter {
4	policy drop	4	policy drop
5		5
6		6
7	iifname eno1 accept	7	iifname eno1 counter accept
8		8
9	ct state {established, related} accept	9	ct state {established, related} counter accept
10		10
11	meta l4proto ipv6-icmp accept	11	meta l4proto ipv6-icmp counter accept
12	meta l4proto icmp accept	12	meta l4proto icmp counter accept
13	meta l4proto igmp accept	13	meta l4proto igmp counter accept
14		14
15		15
16	log prefix "drop forward:"	16	log prefix "drop forward:"
@@ -22,19 +22,19 @@ table inet filter {
22	policy drop	22	policy drop
23		23
24		24
25	iifname lo accept	25	iifname lo counter accept
26	iif != lo ip daddr 127.0.0.1/8 counter drop	26	iif != lo ip daddr 127.0.0.1/8 counter drop
27	iif != lo ip6 daddr ::1/128 counter drop	27	iif != lo ip6 daddr ::1/128 counter drop
28		28
29	ct state {established, related} accept	29	ct state {established, related} counter accept
30		30
31	tcp dport 22 accept	31	tcp dport 22 counter accept
32	udp dport 51820 accept	32	udp dport 51820 counter accept
33	udp dport 60000-61000 accept	33	udp dport 60000-61000 counter accept
34		34
35	meta l4proto ipv6-icmp accept	35	meta l4proto ipv6-icmp counter accept
36	meta l4proto icmp accept	36	meta l4proto icmp counter accept
37	meta l4proto igmp accept	37	meta l4proto igmp counter accept
38		38
39	log prefix "drop input:"	39	log prefix "drop input:"
40	counter	40	counter