summaryrefslogtreecommitdiff
path: root/hosts/surtr/ruleset.nft
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-02-06 20:00:24 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-06 20:00:24 +0100
commit87329e1915285683d84b6bec959bed49ccd41826 (patch)
tree93d74bb09ebfc165e0e8d2a51aa57cbfb0f50692 /hosts/surtr/ruleset.nft
parentabd86d7bd35ae30e9eeffc33a798faca9e2b0486 (diff)
downloadnixos-87329e1915285683d84b6bec959bed49ccd41826.tar
nixos-87329e1915285683d84b6bec959bed49ccd41826.tar.gz
nixos-87329e1915285683d84b6bec959bed49ccd41826.tar.bz2
nixos-87329e1915285683d84b6bec959bed49ccd41826.tar.xz
nixos-87329e1915285683d84b6bec959bed49ccd41826.zip
...
Diffstat (limited to 'hosts/surtr/ruleset.nft')
-rw-r--r--hosts/surtr/ruleset.nft12
1 files changed, 6 insertions, 6 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 998bd037..3dc2b311 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -39,7 +39,7 @@ table inet filter {
39 policy drop 39 policy drop
40 40
41 41
42 ct state invalid log prefix "drop invalid forward: " counter drop 42 ct state invalid log level debug prefix "drop invalid forward: " counter drop
43 43
44 44
45 iifname lo counter accept 45 iifname lo counter accept
@@ -56,8 +56,8 @@ table inet filter {
56 iifname bifrost oifname ens3 counter accept 56 iifname bifrost oifname ens3 counter accept
57 57
58 58
59 limit name lim_reject log prefix "drop forward: " counter drop 59 limit name lim_reject log level debug prefix "drop forward: " counter drop
60 log prefix "reject forward: " counter 60 log level debug prefix "reject forward: " counter
61 meta l4proto tcp ct state new counter reject with tcp reset 61 meta l4proto tcp ct state new counter reject with tcp reset
62 ct state new counter reject 62 ct state new counter reject
63 63
@@ -70,7 +70,7 @@ table inet filter {
70 policy drop 70 policy drop
71 71
72 72
73 ct state invalid log prefix "drop invalid input: " counter drop 73 ct state invalid log level debug prefix "drop invalid input: " counter drop
74 74
75 75
76 iifname lo counter accept 76 iifname lo counter accept
@@ -95,8 +95,8 @@ table inet filter {
95 ct state {established, related} counter accept 95 ct state {established, related} counter accept
96 96
97 97
98 limit name lim_reject log prefix "drop input: " counter drop 98 limit name lim_reject log level debug prefix "drop input: " counter drop
99 log prefix "reject input: " counter 99 log level debug prefix "reject input: " counter
100 meta l4proto tcp ct state new counter reject with tcp reset 100 meta l4proto tcp ct state new counter reject with tcp reset
101 ct state new counter reject 101 ct state new counter reject
102 102