surtr: nftables...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 21:15:30 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 21:15:30 +0100
commit: 470105b11d48740bd1dd1401491ebac08b834e07 (patch)
tree: 23966c0f271626deaece0372ab50758e5eb61342 /hosts/surtr/ruleset.nft
parent: 58207bb276aec3e1c2acc7c6fcbb137b6c654f97 (diff)
download: nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar
nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar.gz
nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar.bz2
nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar.xz
nixos-470105b11d48740bd1dd1401491ebac08b834e07.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 0a6e75a6..6b47751f 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -75,7 +75,8 @@ table inet filter {
    ct state {established, related} counter accept
    tcp dport 22 counter accept
-    meta protocol ip udp dport {51820, 51821} counter accept
+    meta protocol ip udp dport 51820 counter accept
+    meta protocol ip6 udp dport 51821 counter accept
    udp dport 60000-61000 counter accept
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 21:15:30 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 21:15:30 +0100
commit	470105b11d48740bd1dd1401491ebac08b834e07 (patch)
tree	23966c0f271626deaece0372ab50758e5eb61342 /hosts/surtr/ruleset.nft
parent	58207bb276aec3e1c2acc7c6fcbb137b6c654f97 (diff)
download	nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar.gz nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar.bz2 nixos-470105b11d48740bd1dd1401491ebac08b834e07.tar.xz nixos-470105b11d48740bd1dd1401491ebac08b834e07.zip

diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft index 0a6e75a6..6b47751f 100644 --- a/hosts/surtr/ruleset.nft +++ b/hosts/surtr/ruleset.nft
@@ -75,7 +75,8 @@ table inet filter {
75	ct state {established, related} counter accept	75	ct state {established, related} counter accept
76		76
77	tcp dport 22 counter accept	77	tcp dport 22 counter accept
78	meta protocol ip udp dport {51820, 51821} counter accept	78	meta protocol ip udp dport 51820 counter accept
		79	meta protocol ip6 udp dport 51821 counter accept
79	udp dport 60000-61000 counter accept	80	udp dport 60000-61000 counter accept
80		81
81		82