author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-08 00:24:18 +0100 |
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-08 00:24:18 +0100 |
commit | c89e822a5d558b9f9bb9d1ac2a1dd76f3e64c595 (patch) | |
tree | a3d99e39387b21448d9e4d99a1dda75f10008c2e /hosts/vidhar/network/ruleset.nft | |
parent | 876c5c44867aec221a36c3b1319d96c8c3df9e44 (diff) | |
vidhar: dmz01
Diffstat (limited to 'hosts/vidhar/network/ruleset.nft')
-rw-r--r-- | hosts/vidhar/network/ruleset.nft | 14 |
1 files changed, 7 insertions, 7 deletions
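--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -136,7 +136,7 @@ table inet filter {
 oifname {lan, dsl} meta l4proto $icmp_protos jump forward_icmp_accept
 
 iifname lan oifname dsl counter name fw-lan accept
-iifname dsl oifname lan ct state {established, related} counter name fw-dsl accept
+iifname dsl oifname { lan, dmz01 } ct state {established, related} counter name fw-dsl accept
 
 
 
@@ -162,14 +162,14 @@ table inet filter {
 iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
 meta l4proto $icmp_protos counter name icmp-rx accept
 
-tcp dport 22 counter name ssh-rx accept
-udp dport 60001-61000 counter name mosh-rx accept
+iifname { lan, mgmt, dsl } tcp dport 22 counter name ssh-rx accept
+iifname { lan, mgmt, dsl } udp dport 60001-61000 counter name mosh-rx accept
 
-iifname lan tcp dport 53 counter name dns-rx accept
-iifname lan udp dport 53 counter name dns-rx accept
+iifname { lan, mgmt, dmz01 } tcp dport 53 counter name dns-rx accept
+iifname { lan, mgmt, dmz01 } udp dport 53 counter name dns-rx accept
 
-meta protocol ip udp dport 51820 counter name wg-rx accept
-meta protocol ip6 udp dport 51821 counter name wg-rx accept
+iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept
+iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept
 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
 
 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept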
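Review bot: The interface set `{ lan, mgmt, dsl }` is now spelled out verbatim in four rules (lines 165, 166, 171, 172) and `{ lan, mgmt, dmz01 }` in two more (168, 169); since the file already uses a define for `$icmp_protos`, the same mechanism would keep the sets from drifting apart when the next segment is added, e.g. `define admin_ifaces = { lan, mgmt, dsl }` and `define dns_ifaces = { lan, mgmt, dmz01 }` at the top of the file, with the rules then reading `iifname $admin_ifaces tcp dport 22 counter name ssh-rx accept`. A short comment above the ssh/mosh/wg group stating that dmz01 is deliberately excluded from host management ports would also make the intent reviewable rather than implicit. In the first hunk the `ct state {established, related}` rule only covers reply traffic into dmz01; whether new connections toward dmz01 from dsl are accepted or rejected is decided by rules outside this hunk, so that is worth confirming in the same change. Both chains begin and end outside the hunks shown.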