diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-30 16:09:43 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-30 16:19:44 +0100 |
| commit | 68645f75136d6e82bfb7e27b50c531d1b416c4d5 (patch) | |
| tree | 12f4804798ad4c78507b05f5e3573a11c7ab8b0c /hosts/surtr/ruleset.nft | |
| parent | 5915a25064e01c38c49787322ca1309d0da0386a (diff) | |
| download | nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.gz nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.bz2 nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.xz nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.zip | |
...
Diffstat (limited to 'hosts/surtr/ruleset.nft')
| -rw-r--r-- | hosts/surtr/ruleset.nft | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft index 4993b6b7..ee72614f 100644 --- a/hosts/surtr/ruleset.nft +++ b/hosts/surtr/ruleset.nft | |||
| @@ -171,6 +171,7 @@ table inet filter { | |||
| 171 | udp dport 53 counter name dns-rx accept | 171 | udp dport 53 counter name dns-rx accept |
| 172 | 172 | ||
| 173 | tcp dport {80, 443, 8448} counter name http-rx accept | 173 | tcp dport {80, 443, 8448} counter name http-rx accept |
| 174 | udp dport {443, 8448} counter name http-rx accept | ||
| 174 | 175 | ||
| 175 | tcp dport {3478, 5349} counter name stun-rx accept | 176 | tcp dport {3478, 5349} counter name stun-rx accept |
| 176 | udp dport {3478, 5349} counter name stun-rx accept | 177 | udp dport {3478, 5349} counter name stun-rx accept |
| @@ -215,7 +216,8 @@ table inet filter { | |||
| 215 | meta protocol ip6 udp sport {51821, 51822} counter name wg-tx | 216 | meta protocol ip6 udp sport {51821, 51822} counter name wg-tx |
| 216 | iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx | 217 | iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx |
| 217 | 218 | ||
| 218 | tcp sport {80,443,8448} counter name http-tx accept | 219 | tcp sport {80, 443, 8448} counter name http-tx accept |
| 220 | udp sport {443, 8448} counter name http-tx accept | ||
| 219 | 221 | ||
| 220 | tcp sport {3478, 5349} counter name stun-tx accept | 222 | tcp sport {3478, 5349} counter name stun-tx accept |
| 221 | udp sport {3478, 5349} counter name stun-tx accept | 223 | udp sport {3478, 5349} counter name stun-tx accept |