| author | Gregor Kleen <gkleen@yggdrasil.li> | 2025-01-03 17:29:55 +0100 | 
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2025-01-03 17:29:55 +0100 | 
| commit | d650b72c0f71142426106db4dd71b2e7c7c413a5 (patch) | |
| tree | ffb06a5ace40aa902dfc9e2834c423bfb4447fee /hosts/vidhar/network | |
| parent | 27a172993d78bf736ab1e5a14a7a5525f4866235 (diff) | |
immich
Diffstat (limited to 'hosts/vidhar/network')
| -rw-r--r-- | hosts/vidhar/network/ruleset.nft | 7 | 
1 files changed, 7 insertions, 0 deletions
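--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -1,4 +1,5 @@
 define icmp_protos = { ipv6-icmp, icmp, igmp }
+define bifrost_surtr = 2a03:4000:52:ada:4::/128
 
 table arp filter {
 limit lim_arp_local {
@@ -90,6 +91,7 @@ table inet filter {
 counter http-rx {}
 counter tftp-rx {}
 counter pgbackrest-rx {}
+counter immich-rx {}
 
 counter established-rx {}
 
@@ -118,6 +120,7 @@ table inet filter {
 counter http-tx {}
 counter tftp-tx {}
 counter pgbackrest-tx {}
+counter immich-tx {}
 
 counter tx {}
 
@@ -193,6 +196,8 @@ table inet filter {
 
 tcp dport 8432 counter name pgbackrest-rx accept
 
+iifname bifrost tcp dport 2283 ip6 saddr $bifrost_surtr counter name immich-rx accept
+
 ct state { established, related } counter name established-rx accept
 
 
@@ -240,6 +245,8 @@ table inet filter {
 
 tcp sport 8432 counter name pgbackrest-tx accept
 
+iifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept
+
 
 counter name tx
 }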
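Review bot: The added tx rule at new line 248 (last hunk) matches on `iifname bifrost`, which looks copied from the rx rule at new line 199; if this chain is attached to the output hook, locally generated replies have no input interface, so the rule would never match and `immich-tx` would stay at zero. The intent is presumably `oifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept`. The chain header and its policy are outside the hunk, so it cannot be told from here whether the replies would then be dropped or merely fall through uncounted to `counter name tx`. The rx rule's restriction to one interface and a single /128 source is a sound least-privilege choice; a one-line comment above `define bifrost_surtr` naming the peer behind that address would help later audits of the ruleset.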
