author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-08 00:33:07 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-08 00:33:07 +0100 |
commit | 5bc987ff56d78201574c03f9bd4d3411d6aa56b9 (patch) | |
tree | 5aeeab7f8a0827557089021183dec9b89d6ac438 /hosts | |
parent | c89e822a5d558b9f9bb9d1ac2a1dd76f3e64c595 (diff) | |
vidhar: ...
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/vidhar/network/ruleset.nft | 6 |
1 files changed, 3 insertions, 3 deletions
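--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -162,8 +162,8 @@ table inet filter {
 iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
 meta l4proto $icmp_protos counter name icmp-rx accept
 
-iifname { lan, mgmt, dsl } tcp dport 22 counter name ssh-rx accept
-iifname { lan, mgmt, dsl } udp dport 60001-61000 counter name mosh-rx accept
+iifname { lan, mgmt, dsl, yggdrasil } tcp dport 22 counter name ssh-rx accept
+iifname { lan, mgmt, dsl, yggdrasil } udp dport 60001-61000 counter name mosh-rx accept
 
 iifname { lan, mgmt, dmz01 } tcp dport 53 counter name dns-rx accept
 iifname { lan, mgmt, dmz01 } udp dport 53 counter name dns-rx accept
@@ -176,7 +176,7 @@ table inet filter {
 
 iifname mgmt udp dport 123 counter name ntp-rx accept
 
-iifname {lan, mgmt} udp dport 67 counter name dhcp-rx accept
+iifname { lan, mgmt, dmz01 } udp dport 67 counter name dhcp-rx accept
 
 iifname lan udp dport { 137, 138, 3702 } counter name samba-rx accept
 iifname lan tcp dport { 445, 139, 5357 } counter name samba-rx accept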
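Review bot: The rules at new lines 165–166 now accept SSH and mosh from `yggdrasil` with no source restriction, and neither the hunk nor the commit title ("vidhar: ...") says what that interface is or why it is trusted for administrative access. If it is a tunnel or overlay link with peers outside the operator's control, every peer on it can now reach sshd. Consider matching a source-address set as well as the interface, or at least record the intent above the rules with a comment such as `# yggdrasil: <what is behind this interface; why ssh/mosh is allowed from it>`. Line 179 likewise lets `dmz01` reach UDP 67, which deserves a one-line comment confirming that the DHCP server is meant to serve the DMZ segment. The enclosing chain starts and ends outside both hunks, so whether the chain policy or a later rule already limits this traffic cannot be seen here.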