nftables: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 21:41:10 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 21:41:10 +0100
commit: d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395 (patch)
tree: 5db2e4ca378b260ae09c9a57971e77bc425e4cb1 /hosts/surtr
parent: 3dd95b2119e7ddf3ac68aa5a744076e2daa4e99f (diff)
download: nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.gz
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.bz2
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.xz
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index f8cadc94..0a9ff530 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -72,8 +72,6 @@ table inet filter {
    meta l4proto $icmp_protos limit name lim_icmp counter drop
    meta l4proto $icmp_protos counter accept
-    ct state {established, related} counter accept
    tcp dport 22 counter accept
    meta protocol ip udp dport 51820 counter accept
    meta protocol ip6 udp dport 51821 counter accept
@@ -82,6 +80,8 @@ table inet filter {
    tcp dport 53 counter accept
    udp dport 53 counter accept
+    ct state {established, related} counter accept
    limit name lim_reject log prefix "drop input: " counter drop
    log prefix "reject input: " counter
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 21:41:10 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 21:41:10 +0100
commit	d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395 (patch)
tree	5db2e4ca378b260ae09c9a57971e77bc425e4cb1 /hosts/surtr
parent	3dd95b2119e7ddf3ac68aa5a744076e2daa4e99f (diff)
download	nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.gz nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.bz2 nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.xz nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.zip