diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 21:58:03 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-08 21:58:03 +0100 |
commit | 27ddcfe5def6385257c97dbe98f7135b6ec490f1 (patch) | |
tree | d0375161720bb8730be940ae5fdd94687342e8d5 /hosts | |
parent | 1f3b17295865aec3eefeb0d8faece57eafe958a4 (diff) | |
download | nixos-27ddcfe5def6385257c97dbe98f7135b6ec490f1.tar nixos-27ddcfe5def6385257c97dbe98f7135b6ec490f1.tar.gz nixos-27ddcfe5def6385257c97dbe98f7135b6ec490f1.tar.bz2 nixos-27ddcfe5def6385257c97dbe98f7135b6ec490f1.tar.xz nixos-27ddcfe5def6385257c97dbe98f7135b6ec490f1.zip |
vidhar: nftables...
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/vidhar/ruleset.nft | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 5263f97e..fec7b536 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
@@ -21,6 +21,9 @@ table inet filter { | |||
21 | log prefix "reject forward: " counter | 21 | log prefix "reject forward: " counter |
22 | meta l4proto tcp ct state new counter reject with tcp reset | 22 | meta l4proto tcp ct state new counter reject with tcp reset |
23 | ct state new counter reject | 23 | ct state new counter reject |
24 | |||
25 | |||
26 | counter | ||
24 | } | 27 | } |
25 | 28 | ||
26 | chain input { | 29 | chain input { |
@@ -49,6 +52,9 @@ table inet filter { | |||
49 | log prefix "reject input: " counter | 52 | log prefix "reject input: " counter |
50 | meta l4proto tcp ct state new counter reject with tcp reset | 53 | meta l4proto tcp ct state new counter reject with tcp reset |
51 | ct state new counter reject | 54 | ct state new counter reject |
55 | |||
56 | |||
57 | counter | ||
52 | } | 58 | } |
53 | 59 | ||
54 | chain output { | 60 | chain output { |
@@ -64,8 +70,10 @@ table ip nat { | |||
64 | type nat hook postrouting priority srcnat | 70 | type nat hook postrouting priority srcnat |
65 | policy accept | 71 | policy accept |
66 | 72 | ||
73 | |||
67 | oifname dsl counter masquerade | 74 | oifname dsl counter masquerade |
68 | 75 | ||
76 | |||
69 | counter | 77 | counter |
70 | } | 78 | } |
71 | } | 79 | } |
@@ -75,8 +83,10 @@ table inet mangle { | |||
75 | type filter hook postrouting priority mangle | 83 | type filter hook postrouting priority mangle |
76 | policy accept | 84 | policy accept |
77 | 85 | ||
86 | |||
78 | oifname dsl meta l4proto tcp tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu | 87 | oifname dsl meta l4proto tcp tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu |
79 | 88 | ||
89 | |||
80 | counter | 90 | counter |
81 | } | 91 | } |
82 | } \ No newline at end of file | 92 | } \ No newline at end of file |