nftables: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 21:41:10 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 21:41:10 +0100
commit: d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395 (patch)
tree: 5db2e4ca378b260ae09c9a57971e77bc425e4cb1 /hosts/vidhar/ruleset.nft
parent: 3dd95b2119e7ddf3ac68aa5a744076e2daa4e99f (diff)
download: nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.gz
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.bz2
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.xz
nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 3d4d1bb0..ca0e5716 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -88,14 +88,14 @@ table inet filter {
    iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
    meta l4proto $icmp_protos counter accept
-    ct state {established, related} counter accept
    tcp dport 22 counter accept
    meta protocol ip udp dport 51820 counter accept
    udp dport 60000-61000 counter accept
    iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept
+    ct state {established, related} counter accept
    limit name lim_reject log prefix "drop input: " counter drop
    log prefix "reject input: " counter
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 21:41:10 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 21:41:10 +0100
commit	d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395 (patch)
tree	5db2e4ca378b260ae09c9a57971e77bc425e4cb1 /hosts/vidhar/ruleset.nft
parent	3dd95b2119e7ddf3ac68aa5a744076e2daa4e99f (diff)
download	nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.gz nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.bz2 nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.tar.xz nixos-d8922d513a35bf5e7d75ea0d812d7dcdb6f2c395.zip