vidhar: nftables...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-09 09:32:26 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-09 09:32:26 +0100
commit: db5eca7865cf71b8890f90632ed22a9b065d5373 (patch)
tree: b43cc51d151f4038b9715b9c612abc81047ec437 /hosts/vidhar
parent: 23923d7e463587ac9a82555b89d35e633560db32 (diff)
download: nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar
nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar.gz
nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar.bz2
nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar.xz
nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index f4e2aa94..f5de1bd1 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -72,13 +72,15 @@ table inet filter {
  chain output {
    type filter hook output priority filter
-    policy drop
+    policy accept
+    oifname lo counter accept
    oifname != dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_local counter accept
    oifname dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_dsl counter accept
+    meta l4proto { ipv6-icmp, icmp, igmp } counter drop
-    meta l4proto != { ipv6-icmp, icmp, igmp } counter drop
    counter
  }
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-09 09:32:26 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-09 09:32:26 +0100
commit	db5eca7865cf71b8890f90632ed22a9b065d5373 (patch)
tree	b43cc51d151f4038b9715b9c612abc81047ec437 /hosts/vidhar
parent	23923d7e463587ac9a82555b89d35e633560db32 (diff)
download	nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar.gz nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar.bz2 nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.tar.xz nixos-db5eca7865cf71b8890f90632ed22a9b065d5373.zip