| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 18:03:22 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 18:03:22 +0100 |
| commit | e7af824df4d7bbc72695af4d7c25b6cbb4242b0c (patch) | |
| tree | e654d73c08b35e07b4f353f9034b075d2388813e /hosts/vidhar | |
| parent | 8124337c5182b02e3057ebde1213050d4a714a0f (diff) | |
vidhar: nftables...
Diffstat (limited to 'hosts/vidhar')
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 26 |
1 files changed, 13 insertions, 13 deletions
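--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -4,13 +4,13 @@ table inet filter {
 policy drop
 
 
-iifname eno1 accept
+iifname eno1 counter accept
 
-ct state {established, related} accept
+ct state {established, related} counter accept
 
-meta l4proto ipv6-icmp accept
-meta l4proto icmp accept
-meta l4proto igmp accept
+meta l4proto ipv6-icmp counter accept
+meta l4proto icmp counter accept
+meta l4proto igmp counter accept
 
 
 log prefix "drop forward:"
@@ -22,19 +22,19 @@ table inet filter {
 policy drop
 
 
-iifname lo accept
+iifname lo counter accept
 iif != lo ip daddr 127.0.0.1/8 counter drop
 iif != lo ip6 daddr ::1/128 counter drop
 
-ct state {established, related} accept
+ct state {established, related} counter accept
 
-tcp dport 22 accept
-udp dport 51820 accept
-udp dport 60000-61000 accept
+tcp dport 22 counter accept
+udp dport 51820 counter accept
+udp dport 60000-61000 counter accept
 
-meta l4proto ipv6-icmp accept
-meta l4proto icmp accept
-meta l4proto igmp accept
+meta l4proto ipv6-icmp counter accept
+meta l4proto icmp counter accept
+meta l4proto igmp counter accept
 
 log prefix "drop input:"
 counter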
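Review bot: The `log prefix "drop input:"` rule at the end of the second hunk, like `log prefix "drop forward:"` at the end of the first, logs every packet that falls through to the drop policy with no rate limit, so sustained traffic to closed ports can flood the journal and bury the entries that matter. Since this commit is about visibility, consider bounding the log rule, for example `limit rate 5/minute burst 10 packets log prefix "drop input:"` (rate values are illustrative), and keeping the bare `counter` rule after it so the exact drop total is still recorded. The counters added here are anonymous, so they can only be read by listing the ruleset and presumably start from zero again on each ruleset reload; named counter objects referenced with `counter name ...` would be easier to query and reset if these numbers are meant for monitoring. Both chains begin before the lines shown and may continue past them.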
