vidhar: nftables...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-09 09:37:46 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-09 09:37:46 +0100
commit: b94928f5fbfc3b2c49384c66577231c2ad5a13df (patch)
tree: 5b96d03ae2f09e0621b6bc1de94ce6667ad4fed4 /hosts/vidhar/ruleset.nft
parent: a34f9383df7169c56fb61a8f38cd039cf71f527e (diff)
download: nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar
nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar.gz
nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar.bz2
nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar.xz
nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 9c82052f..100d9823 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -25,6 +25,8 @@ table inet filter {
    oifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
    oifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
+    iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
+    iifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
    meta l4proto $icmp_protos counter accept
    iifname eno1 oifname dsl counter accept
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-09 09:37:46 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-09 09:37:46 +0100
commit	b94928f5fbfc3b2c49384c66577231c2ad5a13df (patch)
tree	5b96d03ae2f09e0621b6bc1de94ce6667ad4fed4 /hosts/vidhar/ruleset.nft
parent	a34f9383df7169c56fb61a8f38cd039cf71f527e (diff)
download	nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar.gz nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar.bz2 nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.tar.xz nixos-b94928f5fbfc3b2c49384c66577231c2ad5a13df.zip

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 9c82052f..100d9823 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft
@@ -25,6 +25,8 @@ table inet filter {
25		25
26	oifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop	26	oifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
27	oifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop	27	oifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
		28	iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
		29	iifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
28	meta l4proto $icmp_protos counter accept	30	meta l4proto $icmp_protos counter accept
29		31
30	iifname eno1 oifname dsl counter accept	32	iifname eno1 oifname dsl counter accept