yggdrasil-wg: dns

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-03-15 18:35:41 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-03-15 18:35:41 +0100
commit: 6a0fd12cf07df4ee54643f64d34438ce03869a5e (patch)
tree: f0c77d48e71247dd878bdc4cf0e0a5e99f9bc9e4 /hosts/vidhar/network/ruleset.nft
parent: f95928a0ba0bdd5d66bae0ead8d64d78c73e6057 (diff)
download: nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar
nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar.gz
nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar.bz2
nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar.xz
nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 0f591f24..4e8341e9 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -165,8 +165,8 @@ table inet filter {
    iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
    iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60001-61000 counter name mosh-rx accept
-    iifname { lan, mgmt, dmz01 } tcp dport 53 counter name dns-rx accept
+    iifname { lan, mgmt, dmz01, yggdrasil } tcp dport 53 counter name dns-rx accept
-    iifname { lan, mgmt, dmz01 } udp dport 53 counter name dns-rx accept
+    iifname { lan, mgmt, dmz01, yggdrasil } udp dport 53 counter name dns-rx accept
    iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept
    iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-03-15 18:35:41 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-03-15 18:35:41 +0100
commit	6a0fd12cf07df4ee54643f64d34438ce03869a5e (patch)
tree	f0c77d48e71247dd878bdc4cf0e0a5e99f9bc9e4 /hosts/vidhar/network/ruleset.nft
parent	f95928a0ba0bdd5d66bae0ead8d64d78c73e6057 (diff)
download	nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar.gz nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar.bz2 nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.tar.xz nixos-6a0fd12cf07df4ee54643f64d34438ce03869a5e.zip

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 0f591f24..4e8341e9 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -165,8 +165,8 @@ table inet filter {
165	iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept	165	iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
166	iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60001-61000 counter name mosh-rx accept	166	iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60001-61000 counter name mosh-rx accept
167		167
168	iifname { lan, mgmt, dmz01 } tcp dport 53 counter name dns-rx accept	168	iifname { lan, mgmt, dmz01, yggdrasil } tcp dport 53 counter name dns-rx accept
169	iifname { lan, mgmt, dmz01 } udp dport 53 counter name dns-rx accept	169	iifname { lan, mgmt, dmz01, yggdrasil } udp dport 53 counter name dns-rx accept
170		170
171	iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept	171	iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept
172	iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept	172	iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept