summaryrefslogtreecommitdiff
path: root/hosts/vidhar/network
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2025-05-24 20:26:52 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2025-05-24 20:26:52 +0200
commit2a45b6837ea381c893d0ebde2f8cce2897331c35 (patch)
tree8c04e981d1fdf00afd5d503e62b50fe9daa1fcad /hosts/vidhar/network
parentb8c7aac98efdd794de6cc1f8ef935fff05786214 (diff)
downloadnixos-2a45b6837ea381c893d0ebde2f8cce2897331c35.tar
nixos-2a45b6837ea381c893d0ebde2f8cce2897331c35.tar.gz
nixos-2a45b6837ea381c893d0ebde2f8cce2897331c35.tar.bz2
nixos-2a45b6837ea381c893d0ebde2f8cce2897331c35.tar.xz
nixos-2a45b6837ea381c893d0ebde2f8cce2897331c35.zip
kimai
Diffstat (limited to 'hosts/vidhar/network')
-rw-r--r--hosts/vidhar/network/ruleset.nft12
1 files changed, 10 insertions, 2 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 6b0ac9fc..7897fb3d 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -60,6 +60,7 @@ table inet filter {
60 counter fw-lo {} 60 counter fw-lo {}
61 counter fw-lan {} 61 counter fw-lan {}
62 counter fw-gpon {} 62 counter fw-gpon {}
63 counter fw-kimai {}
63 64
64 counter fw-cups {} 65 counter fw-cups {}
65 66
@@ -95,6 +96,7 @@ table inet filter {
95 counter paperless-rx {} 96 counter paperless-rx {}
96 counter hledger-rx {} 97 counter hledger-rx {}
97 counter audiobookshelf-rx {} 98 counter audiobookshelf-rx {}
99 counter kimai-rx {}
98 100
99 counter established-rx {} 101 counter established-rx {}
100 102
@@ -127,6 +129,7 @@ table inet filter {
127 counter paperless-tx {} 129 counter paperless-tx {}
128 counter hledger-tx {} 130 counter hledger-tx {}
129 counter audiobookshelf-tx {} 131 counter audiobookshelf-tx {}
132 counter kimai-tx {}
130 133
131 counter tx {} 134 counter tx {}
132 135
@@ -150,8 +153,13 @@ table inet filter {
150 153
151 oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept 154 oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
152 iifname lan oifname { gpon, bifrost } counter name fw-lan accept 155 iifname lan oifname { gpon, bifrost } counter name fw-lan accept
156 iifname ve-kimai oifname gpon counter name fw-kimai accept
153 157
154 iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept 158 iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept
159 iifname gpon oifname ve-kimai ct state { established, related } counter name fw-kimai accept
160
161 iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
162 iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
155 163
156 164
157 limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop 165 limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -266,7 +274,7 @@ table inet filter {
266 274
267table inet nat { 275table inet nat {
268 counter gpon-nat {} 276 counter gpon-nat {}
269 # counter container-nat {} 277 counter kimai-nat {}
270 278
271 chain postrouting { 279 chain postrouting {
272 type nat hook postrouting priority srcnat 280 type nat hook postrouting priority srcnat
@@ -274,7 +282,7 @@ table inet nat {
274 282
275 283
276 meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade 284 meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade
277 # iifname ve-* oifname gpon counter name container-nat masquerade 285 iifname ve-kimai oifname gpon counter name kimai-nat masquerade
278 } 286 }
279} 287}
280 288
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-25 22:32:21 +0000