vidhar: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-29 10:52:45 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-29 10:52:45 +0100
commit: 49b2b0cd849a3acd040a40b5be98875b58a236b0 (patch)
tree: e1b205f6589e1dc087cea2a86c19e2db4655b413 /hosts/vidhar/ruleset.nft
parent: bb2ef19025d688433e7e3f9ef8edc26a3fa69d24 (diff)
download: nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar
nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar.gz
nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar.bz2
nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar.xz
nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 2f8e7b57..57ac2716 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -59,10 +59,10 @@ table inet filter {
    iifname lo counter accept
-    oifname {eno1, dsl} meta l4proto $icmp_protos jump forward_icmp_accept
+    oifname {lan, dsl} meta l4proto $icmp_protos jump forward_icmp_accept
-    iifname eno1 oifname dsl counter accept
+    iifname lan oifname dsl counter accept
-    iifname dsl oifname eno1 ct state {established, related} counter accept
+    iifname dsl oifname lan ct state {established, related} counter accept
@@ -94,8 +94,8 @@ table inet filter {
    tcp dport 22 counter accept
    udp dport 60001-61000 counter accept
-    iifname eno1 tcp dport 53 counter accept
+    iifname lan tcp dport 53 counter accept
-    iifname eno1 udp dport 53 counter accept
+    iifname lan udp dport 53 counter accept
    meta protocol ip udp dport 51820 counter accept
    meta protocol ip6 udp dport 51821 counter accept
@@ -105,10 +105,10 @@ table inet filter {
    iifname mgmt udp dport 123 counter accept
-    iifname {eno1, mgmt} udp dport 67 counter accept
+    iifname {lan, mgmt} udp dport 67 counter accept
-    iifname eno1 udp dport { 137, 138, 3702 } counter accept
+    iifname lan udp dport { 137, 138, 3702 } counter accept
-    iifname eno1 tcp dport { 445, 139, 5357 } counter accept
+    iifname lan tcp dport { 445, 139, 5357 } counter accept
    ct state {established, related} counter accept
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-29 10:52:45 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-29 10:52:45 +0100
commit	49b2b0cd849a3acd040a40b5be98875b58a236b0 (patch)
tree	e1b205f6589e1dc087cea2a86c19e2db4655b413 /hosts/vidhar/ruleset.nft
parent	bb2ef19025d688433e7e3f9ef8edc26a3fa69d24 (diff)
download	nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar.gz nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar.bz2 nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.tar.xz nixos-49b2b0cd849a3acd040a40b5be98875b58a236b0.zip

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 2f8e7b57..57ac2716 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft
@@ -59,10 +59,10 @@ table inet filter {
59		59
60	iifname lo counter accept	60	iifname lo counter accept
61		61
62	oifname {eno1, dsl} meta l4proto $icmp_protos jump forward_icmp_accept	62	oifname {lan, dsl} meta l4proto $icmp_protos jump forward_icmp_accept
63		63
64	iifname eno1 oifname dsl counter accept	64	iifname lan oifname dsl counter accept
65	iifname dsl oifname eno1 ct state {established, related} counter accept	65	iifname dsl oifname lan ct state {established, related} counter accept
66		66
67		67
68		68
@@ -94,8 +94,8 @@ table inet filter {
94	tcp dport 22 counter accept	94	tcp dport 22 counter accept
95	udp dport 60001-61000 counter accept	95	udp dport 60001-61000 counter accept
96		96
97	iifname eno1 tcp dport 53 counter accept	97	iifname lan tcp dport 53 counter accept
98	iifname eno1 udp dport 53 counter accept	98	iifname lan udp dport 53 counter accept
99		99
100	meta protocol ip udp dport 51820 counter accept	100	meta protocol ip udp dport 51820 counter accept
101	meta protocol ip6 udp dport 51821 counter accept	101	meta protocol ip6 udp dport 51821 counter accept
@@ -105,10 +105,10 @@ table inet filter {
105		105
106	iifname mgmt udp dport 123 counter accept	106	iifname mgmt udp dport 123 counter accept
107		107
108	iifname {eno1, mgmt} udp dport 67 counter accept	108	iifname {lan, mgmt} udp dport 67 counter accept
109		109
110	iifname eno1 udp dport { 137, 138, 3702 } counter accept	110	iifname lan udp dport { 137, 138, 3702 } counter accept
111	iifname eno1 tcp dport { 445, 139, 5357 } counter accept	111	iifname lan tcp dport { 445, 139, 5357 } counter accept
112		112
113	ct state {established, related} counter accept	113	ct state {established, related} counter accept
114		114