author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-06 20:00:24 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-06 20:00:24 +0100 |
commit | 87329e1915285683d84b6bec959bed49ccd41826 (patch) | |
tree | 93d74bb09ebfc165e0e8d2a51aa57cbfb0f50692 /hosts/surtr/ruleset.nft | |
parent | abd86d7bd35ae30e9eeffc33a798faca9e2b0486 (diff) | |
...
Diffstat (limited to 'hosts/surtr/ruleset.nft')
-rw-r--r-- | hosts/surtr/ruleset.nft | 12 |
1 files changed, 6 insertions, 6 deletions
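diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 998bd037..3dc2b311 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -39,7 +39,7 @@ table inet filter {
 policy drop
 
 
-ct state invalid log prefix "drop invalid forward: " counter drop
+ct state invalid log level debug prefix "drop invalid forward: " counter drop
 
 
 iifname lo counter accept
@@ -56,8 +56,8 @@ table inet filter {
 iifname bifrost oifname ens3 counter accept
 
 
-limit name lim_reject log prefix "drop forward: " counter drop
-log prefix "reject forward: " counter
+limit name lim_reject log level debug prefix "drop forward: " counter drop
+log level debug prefix "reject forward: " counter
 meta l4proto tcp ct state new counter reject with tcp reset
 ct state new counter reject
 
@@ -70,7 +70,7 @@ table inet filter {
 policy drop
 
 
-ct state invalid log prefix "drop invalid input: " counter drop
+ct state invalid log level debug prefix "drop invalid input: " counter drop
 
 
 iifname lo counter accept
@@ -95,8 +95,8 @@ table inet filter {
 ct state {established, related} counter accept
 
 
-limit name lim_reject log prefix "drop input: " counter drop
-log prefix "reject input: " counter
+limit name lim_reject log level debug prefix "drop input: " counter drop
+log level debug prefix "reject input: " counter
 meta l4proto tcp ct state new counter reject with tcp reset
 ct state new counter reject
 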
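Review bot: The six `log level debug` rules (new-file lines 42, 59, 60, 73, 98 and 99) now emit every drop and reject record at kernel priority debug, so whether those records are kept depends on the host's log pipeline, which these hunks do not show. If journald or a syslog forwarder on this host discards debug-priority messages, the per-packet firewall trail disappears while the counters keep incrementing. I would state the intent next to the first rule, e.g. `# debug level keeps drops off the console; journald must still store debug for these records`, or send them to a dedicated collector with `log group` instead of a syslog level. Separately, the `limit name lim_reject log …` rules on 59 and 98 appear to log every packet that matches the limit, so log volume under a flood depends on how lim_reject is defined elsewhere in the table, outside these hunks.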