vidhar: nftables...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-08 22:15:25 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-08 22:15:25 +0100
commit: e685f060bd7796e1f962eec6ebf40452f59b6306 (patch)
tree: 6edb047332709042c0cd13e4b5380ceeee09d74d /hosts/vidhar/ruleset.nft
parent: a19791ff99b86e4a913ebc25c5f3048c451a2b88 (diff)
download: nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar
nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.gz
nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.bz2
nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.xz
nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index fec7b536..85094647 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -9,6 +9,9 @@ table inet filter {
    policy drop
+    ct state invalid counter drop
    iifname eno1 oifname dsl counter accept
    iifname dsl oifname eno1 ct state {established, related} counter accept
@@ -31,6 +34,9 @@ table inet filter {
    policy drop
+    ct state invalid counter drop
+    
    iifname lo counter accept
    iif != lo ip daddr 127.0.0.1/8 counter reject
    iif != lo ip6 daddr ::1/128 counter reject
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-08 22:15:25 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-08 22:15:25 +0100
commit	e685f060bd7796e1f962eec6ebf40452f59b6306 (patch)
tree	6edb047332709042c0cd13e4b5380ceeee09d74d /hosts/vidhar/ruleset.nft
parent	a19791ff99b86e4a913ebc25c5f3048c451a2b88 (diff)
download	nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.gz nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.bz2 nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.tar.xz nixos-e685f060bd7796e1f962eec6ebf40452f59b6306.zip