authorGregor Kleen <gkleen@yggdrasil.li>2021-12-08 19:01:29 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-08 19:01:29 +0100
commitb27f24d4686b1fe67a351c9ebfece798a6adb0c2 (patch)
tree8e8f414931581206b15750da18835b69c15620d8 /hosts/vidhar/ruleset.nft
parente230e07face7e7e16ceb10f5551b69a3248e10a1 (diff)
vidhar: nftables...
Diffstat (limited to 'hosts/vidhar/ruleset.nft')
-rw-r--r--hosts/vidhar/ruleset.nft10
1 files changed, 5 insertions, 5 deletions
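diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index dc95b95b..8877f123 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -1,6 +1,6 @@
 table inet filter {
  chain reject-rl {
- limit rate over 1024 / second burst 1024 packets counter drop
+ limit rate over 1000 / second burst 1000 packets counter drop
  }
 
 
@@ -19,8 +19,8 @@ table inet filter {
 
  log prefix "reject forward: " counter
  jump reject-rl
- meta l4proto tcp ct new counter reject with tcp reset
- ct new counter reject
+ meta l4proto tcp ct state new counter reject with tcp reset
+ ct state new counter reject
  }
 
  chain input {
@@ -47,8 +47,8 @@ table inet filter {
 
  log prefix "reject input: " counter
  jump reject-rl
- meta l4proto tcp ct new counter reject with tcp reset
- ct new counter reject
+ meta l4proto tcp ct state new counter reject with tcp reset
+ ct state new counter reject
  }
 
  chain output {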
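Review bot: The `log prefix "reject input: " counter` rule runs before `jump reject-rl`, here and for `"reject forward: "` in the second hunk, so every packet that reaches the reject tail is logged even when the rate limiter then drops it, and a flood of unsolicited traffic can fill the kernel log. Putting the log rule after the jump would at least bound it by the limiter, though 1000 lines per second is still a lot; a separate limit on the log rule is tighter, e.g. `limit rate 5/second burst 10 packets log prefix "reject input: "` (values illustrative), with the `counter` kept on its own rule if every packet should still be counted. Separately, the corrected `ct state new` matches mean packets in any other conntrack state (invalid, untracked) skip both reject rules and fall through to the chain policy, which is not visible in these hunks and is worth confirming to be `drop`. Both chains begin outside the hunks shown.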