authorGregor Kleen <gkleen@yggdrasil.li>2023-01-31 13:31:37 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-01-31 13:31:37 +0100
commit60adb4c9388816d8b8eb17b2e844de8d1e0dc081 (patch)
tree2d40a05364ea1d3edd0b9cd7748a0683fa20a477 /hosts/surtr/ruleset.nft
parent41be54745e76d6b14221157d1e4474e980e2e70a (diff)
Revert "Revert "...""
This reverts commit 1e82933a01dcc3810d635567dbef0de286c1e8f2.
Diffstat (limited to 'hosts/surtr/ruleset.nft')
-rw-r--r--hosts/surtr/ruleset.nft4
1 files changed, 3 insertions, 1 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 4993b6b7..ee72614f 100644
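--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -171,6 +171,7 @@ table inet filter {
 udp dport 53 counter name dns-rx accept
 
 tcp dport {80, 443, 8448} counter name http-rx accept
+udp dport {443, 8448} counter name http-rx accept
 
 tcp dport {3478, 5349} counter name stun-rx accept
 udp dport {3478, 5349} counter name stun-rx accept
@@ -215,7 +216,8 @@ table inet filter {
 meta protocol ip6 udp sport {51821, 51822} counter name wg-tx
 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx
 
-tcp sport {80,443,8448} counter name http-tx accept
+tcp sport {80, 443, 8448} counter name http-tx accept
+udp sport {443, 8448} counter name http-tx accept
 
 tcp sport {3478, 5349} counter name stun-tx accept
 udp sport {3478, 5349} counter name stun-tx accept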
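Review bot: The two added UDP rules (`udp dport {443, 8448}` in the first hunk and `udp sport {443, 8448}` in the second) reuse the `http-rx`/`http-tx` named counters that the TCP rules already feed, so the counters can no longer tell TCP web traffic apart from the newly admitted UDP traffic (presumably QUIC/HTTP-3, though neither the commit message nor the ruleset says so). Separate counters, e.g. `udp dport {443, 8448} counter name http3-rx accept` and `udp sport {443, 8448} counter name http3-tx accept` (the names are only a suggestion and would need matching `counter` declarations in the table), would make a UDP flood or unexpected traffic on these ports visible on its own. A short comment such as `# HTTP/3 (QUIC)` above each rule would also record why UDP is open, and it is worth confirming that a service actually listens on UDP 8448 as well as 443, since the rule accepts both from any source. The enclosing chains begin and end outside both hunks, so the chain and its policy are not visible here.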