author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-31 13:31:37 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-31 13:31:37 +0100 |
commit | 60adb4c9388816d8b8eb17b2e844de8d1e0dc081 (patch) | |
tree | 2d40a05364ea1d3edd0b9cd7748a0683fa20a477 /hosts/surtr/ruleset.nft | |
parent | 41be54745e76d6b14221157d1e4474e980e2e70a (diff) | |
Revert "Revert "...""
This reverts commit 1e82933a01dcc3810d635567dbef0de286c1e8f2.
Diffstat (limited to 'hosts/surtr/ruleset.nft')
-rw-r--r-- | hosts/surtr/ruleset.nft | 4 |
1 files changed, 3 insertions, 1 deletions
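--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -171,6 +171,7 @@ table inet filter {
 udp dport 53 counter name dns-rx accept
 
 tcp dport {80, 443, 8448} counter name http-rx accept
+udp dport {443, 8448} counter name http-rx accept
 
 tcp dport {3478, 5349} counter name stun-rx accept
 udp dport {3478, 5349} counter name stun-rx accept
@@ -215,7 +216,8 @@ table inet filter {
 meta protocol ip6 udp sport {51821, 51822} counter name wg-tx
 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx
 
-tcp sport {80,443,8448} counter name http-tx accept
+tcp sport {80, 443, 8448} counter name http-tx accept
+udp sport {443, 8448} counter name http-tx accept
 
 tcp sport {3478, 5349} counter name stun-tx accept
 udp sport {3478, 5349} counter name stun-tx accept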
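Review bot: The added `udp dport {443, 8448}` and `udp sport {443, 8448}` rules share the `http-rx`/`http-tx` counters with the TCP rules above them, so QUIC traffic cannot be separated from TCP when reading the counters, which matters because UDP listeners are the ones exposed to spoofed-source floods. Consider dedicated counters, e.g. `udp dport {443, 8448} counter name http3-rx accept` and a matching `http3-tx`, each of which would need its own counter declaration in the table. It is also worth confirming that a QUIC listener is actually bound on UDP 8448; if only 443 serves HTTP/3, the set should be narrowed to `udp dport 443`. The enclosing chains start and end outside the hunks, so any rate limiting or conntrack handling ahead of these rules is not visible here.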