diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-02-27 15:01:09 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-02-27 15:01:09 +0100 |
| commit | 4800e3a8c7e9f6bbb668c50a29f689a83de223c7 (patch) | |
| tree | 9c8c967f277085dd740dc67c4e002118d1fa169d /hosts/sif/ruleset.nft | |
| parent | f122223243cbb50fa65d96646bc06f53567fd815 (diff) | |
| download | nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar.gz nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar.bz2 nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar.xz nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.zip | |
...
Diffstat (limited to 'hosts/sif/ruleset.nft')
| -rw-r--r-- | hosts/sif/ruleset.nft | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/hosts/sif/ruleset.nft b/hosts/sif/ruleset.nft index 2a1467b8..e2ac45c6 100644 --- a/hosts/sif/ruleset.nft +++ b/hosts/sif/ruleset.nft | |||
| @@ -62,6 +62,7 @@ table inet filter { | |||
| 62 | counter wg-rx {} | 62 | counter wg-rx {} |
| 63 | counter yggdrasil-gre-rx {} | 63 | counter yggdrasil-gre-rx {} |
| 64 | counter quickserve-rx {} | 64 | counter quickserve-rx {} |
| 65 | counter ausweisapp2-rx {} | ||
| 65 | 66 | ||
| 66 | counter established-rx {} | 67 | counter established-rx {} |
| 67 | 68 | ||
| @@ -115,7 +116,7 @@ table inet filter { | |||
| 115 | 116 | ||
| 116 | 117 | ||
| 117 | ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop | 118 | ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop |
| 118 | 119 | ||
| 119 | 120 | ||
| 120 | iifname lo counter name rx-lo accept | 121 | iifname lo counter name rx-lo accept |
| 121 | iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject | 122 | iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject |
| @@ -128,6 +129,7 @@ table inet filter { | |||
| 128 | udp dport 60000-61000 counter name mosh-rx accept | 129 | udp dport 60000-61000 counter name mosh-rx accept |
| 129 | 130 | ||
| 130 | tcp dport 8000 counter name quickserve-rx accept | 131 | tcp dport 8000 counter name quickserve-rx accept |
| 132 | udp dport 24727 counter name ausweisapp2-rx accept | ||
| 131 | 133 | ||
| 132 | udp dport 51820-51822 counter name wg-rx accept | 134 | udp dport 51820-51822 counter name wg-rx accept |
| 133 | iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept | 135 | iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept |
| @@ -206,4 +208,4 @@ table ip mss_clamp { | |||
| 206 | 208 | ||
| 207 | iifname virbr0 oifname != virbr0 tcp flags & (syn|rst) == syn counter name libvirt-mss-clamp tcp option maxseg size set rt mtu | 209 | iifname virbr0 oifname != virbr0 tcp flags & (syn|rst) == syn counter name libvirt-mss-clamp tcp option maxseg size set rt mtu |
| 208 | } | 210 | } |
| 209 | } \ No newline at end of file | 211 | } |