diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-13 21:07:41 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-13 21:07:41 +0100 |
| commit | 58207bb276aec3e1c2acc7c6fcbb137b6c654f97 (patch) | |
| tree | 7016805a57f53d73a2c95ab5720adc1c5b90a948 /hosts | |
| parent | f45049f99883b780199a3197e3cbe269e91ca8b2 (diff) | |
| download | nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar.gz nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar.bz2 nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.tar.xz nixos-58207bb276aec3e1c2acc7c6fcbb137b6c654f97.zip | |
surtr: nftables...
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/surtr/ruleset.nft | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft index f353d855..0a6e75a6 100644 --- a/hosts/surtr/ruleset.nft +++ b/hosts/surtr/ruleset.nft | |||
| @@ -1,19 +1,15 @@ | |||
| 1 | define icmp_protos = { ipv6-icmp, icmp, igmp } | 1 | define icmp_protos = { ipv6-icmp, icmp, igmp } |
| 2 | 2 | ||
| 3 | table arp filter { | 3 | table arp filter { |
| 4 | limit lim_arp_local { | 4 | limit lim_arp { |
| 5 | rate over 50 mbytes/second burst 50 mbytes | 5 | rate over 50 mbytes/second burst 50 mbytes |
| 6 | } | 6 | } |
| 7 | limit lim_arp_dsl { | ||
| 8 | rate over 1400 kbytes/second burst 1400 kbytes | ||
| 9 | } | ||
| 10 | 7 | ||
| 11 | chain input { | 8 | chain input { |
| 12 | type filter hook input priority filter | 9 | type filter hook input priority filter |
| 13 | policy accept | 10 | policy accept |
| 14 | 11 | ||
| 15 | iifname != dsl limit name lim_arp_local counter drop | 12 | limit name lim_arp counter drop |
| 16 | iifname dsl limit name lim_arp_dsl counter drop | ||
| 17 | 13 | ||
| 18 | counter | 14 | counter |
| 19 | } | 15 | } |
| @@ -22,8 +18,7 @@ table arp filter { | |||
| 22 | type filter hook output priority filter | 18 | type filter hook output priority filter |
| 23 | policy accept | 19 | policy accept |
| 24 | 20 | ||
| 25 | oifname != dsl limit name lim_arp_local counter drop | 21 | limit name lim_arp counter drop |
| 26 | oifname dsl limit name lim_arp_dsl counter drop | ||
| 27 | 22 | ||
| 28 | counter | 23 | counter |
| 29 | } | 24 | } |