author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-06 23:08:15 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-06 23:08:15 +0100 |
commit | b985f38510a16a0216bd4919a5ba7edd031bdb62 (patch) | |
tree | ba42158ad16d48f77a7c52345dca43015e978fd1 /hosts/vidhar/network/ruleset.nft | |
parent | 0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb (diff) | |
vidhar: ...
Diffstat (limited to 'hosts/vidhar/network/ruleset.nft')
-rw-r--r-- | hosts/vidhar/network/ruleset.nft | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 980cbdc6..5b68b773 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft | |||
@@ -126,7 +126,7 @@ table inet filter { | |||
126 | policy drop | 126 | policy drop |
127 | 127 | ||
128 | 128 | ||
129 | ct state invalid log level notice prefix "drop invalid forward: " counter name invalid-fw drop | 129 | ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop |
130 | 130 | ||
131 | 131 | ||
132 | iifname lo counter name fw-lo accept | 132 | iifname lo counter name fw-lo accept |
@@ -138,8 +138,8 @@ table inet filter { | |||
138 | 138 | ||
139 | 139 | ||
140 | 140 | ||
141 | limit name lim_reject log level notice prefix "drop forward: " counter name reject-ratelimit-fw drop | 141 | limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop |
142 | log level info prefix "reject forward: " counter name reject-fw | 142 | log level debug prefix "reject forward: " counter name reject-fw |
143 | meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset | 143 | meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset |
144 | ct state new counter name reject-icmp-fw reject | 144 | ct state new counter name reject-icmp-fw reject |
145 | } | 145 | } |
@@ -149,7 +149,7 @@ table inet filter { | |||
149 | policy drop | 149 | policy drop |
150 | 150 | ||
151 | 151 | ||
152 | ct state invalid log level notice prefix "drop invalid input: " counter name invalid-rx drop | 152 | ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop |
153 | 153 | ||
154 | 154 | ||
155 | iifname lo counter name rx-lo accept | 155 | iifname lo counter name rx-lo accept |
@@ -184,8 +184,8 @@ table inet filter { | |||
184 | ct state {established, related} counter name established-rx accept | 184 | ct state {established, related} counter name established-rx accept |
185 | 185 | ||
186 | 186 | ||
187 | limit name lim_reject log level notice prefix "drop input: " counter name reject-ratelimit-rx drop | 187 | limit name lim_reject log level debug prefix "drop input: " counter name reject-ratelimit-rx drop |
188 | log level info prefix "reject input: " counter name reject-rx | 188 | log level debug prefix "reject input: " counter name reject-rx |
189 | meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset | 189 | meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset |
190 | ct state new counter name reject-icmp-rx reject | 190 | ct state new counter name reject-icmp-rx reject |
191 | } | 191 | } |
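Review bot: All six log statements in the right-hand (new) column now use `level debug`, so per-packet drop and reject records are only kept where debug-priority kernel messages are stored. This covers the `ct state invalid` rules at 129 and 152 and the `lim_reject`/reject rules at 141-142 and 187-188; whether this host's journal or log forwarding retains that priority is not visible from the page. The named counters (`invalid-fw`, `invalid-rx`, `reject-ratelimit-fw`, `reject-ratelimit-rx`, `reject-fw`, `reject-rx`) are unchanged, so aggregate counts remain, but the source and port detail needed to investigate a scan or a conntrack anomaly would be lost if debug is filtered. If the aim is only to reduce noise, consider keeping the two invalid-state rules at their previous `notice` level. Otherwise, document the dependency above each rule, for example `# logged at debug: needs debug-priority kernel messages retained; alert on counter invalid-rx instead`. Both chains begin outside the hunks shown.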