authorGregor Kleen <gkleen@yggdrasil.li>2022-01-06 23:08:15 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-06 23:08:15 +0100
commitb985f38510a16a0216bd4919a5ba7edd031bdb62 (patch)
treeba42158ad16d48f77a7c52345dca43015e978fd1 /hosts/vidhar/network/ruleset.nft
parent0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb (diff)
vidhar: ...
Diffstat (limited to 'hosts/vidhar/network/ruleset.nft')
-rw-r--r--hosts/vidhar/network/ruleset.nft12
1 files changed, 6 insertions, 6 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 980cbdc6..5b68b773 100644
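--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -126,7 +126,7 @@ table inet filter {
 policy drop
 
 
-ct state invalid log level notice prefix "drop invalid forward: " counter name invalid-fw drop
+ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop
 
 
 iifname lo counter name fw-lo accept
@@ -138,8 +138,8 @@ table inet filter {
 
 
 
-limit name lim_reject log level notice prefix "drop forward: " counter name reject-ratelimit-fw drop
-log level info prefix "reject forward: " counter name reject-fw
+limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
+log level debug prefix "reject forward: " counter name reject-fw
 meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset
 ct state new counter name reject-icmp-fw reject
 }
@@ -149,7 +149,7 @@ table inet filter {
 policy drop
 
 
-ct state invalid log level notice prefix "drop invalid input: " counter name invalid-rx drop
+ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop
 
 
 iifname lo counter name rx-lo accept
@@ -184,8 +184,8 @@ table inet filter {
 ct state {established, related} counter name established-rx accept
 
 
-limit name lim_reject log level notice prefix "drop input: " counter name reject-ratelimit-rx drop
-log level info prefix "reject input: " counter name reject-rx
+limit name lim_reject log level debug prefix "drop input: " counter name reject-ratelimit-rx drop
+log level debug prefix "reject input: " counter name reject-rx
 meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset
 ct state new counter name reject-icmp-rx reject
 }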
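Review bot: All six deny-path log statements (invalid-state drops at 129 and 152, the `lim_reject` drops at 141 and 187, and the reject logs at 142 and 188) now emit at `level debug`, so the per-packet record of what the firewall refused survives only if this host's kernel-log pipeline stores and forwards debug-priority messages; that configuration is not visible in this diff and should be confirmed before relying on these logs for investigation. The named counters are unchanged, so aggregate counts remain, but they carry no source/destination detail. If the intent is noise reduction, consider keeping the terminal reject logs at their previous level, e.g. `log level info prefix "reject input: " counter name reject-rx`, and demoting only the invalid-state and rate-limit drops. Either way a comment above each group would record the trade-off, e.g. `# logged at debug to reduce noise; needs debug-level kernel log retention to be useful`. The forward and input chains start outside the hunks shown.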