...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-10-22 19:33:45 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-10-22 19:33:45 +0200
commit: ddcc8c65e30a9ca3b56e25466e749cb100b28510 (patch)
tree: 869c782c4e5874d4d353d3cd82af5b0e2dfe9a45 /installer/ruleset.nft
parent: 0b7bd91465487426041c777a40de3be9f7407058 (diff)
download: nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar
nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar.gz
nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar.bz2
nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar.xz
nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/installer/ruleset.nft b/installer/ruleset.nft
index 803ce9fd..7b38a059 100644
--- a/installer/ruleset.nft
+++ b/installer/ruleset.nft
@@ -60,7 +60,7 @@ table inet filter {
    ct state invalid log level debug prefix "drop invalid input: " counter drop
-    
    iifname lo counter accept
    iif != lo ip daddr 127.0.0.1/8 counter reject
@@ -73,7 +73,7 @@ table inet filter {
    udp dport 60000-61000 counter accept
-    ct state {established, related} counter name established-rx accept
+    ct state {established, related} counter accept
    limit name lim_reject log level debug prefix "drop input: " counter drop
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-10-22 19:33:45 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-10-22 19:33:45 +0200
commit	ddcc8c65e30a9ca3b56e25466e749cb100b28510 (patch)
tree	869c782c4e5874d4d353d3cd82af5b0e2dfe9a45 /installer/ruleset.nft
parent	0b7bd91465487426041c777a40de3be9f7407058 (diff)
download	nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar.gz nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar.bz2 nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.tar.xz nixos-ddcc8c65e30a9ca3b56e25466e749cb100b28510.zip

diff --git a/installer/ruleset.nft b/installer/ruleset.nft index 803ce9fd..7b38a059 100644 --- a/installer/ruleset.nft +++ b/installer/ruleset.nft
@@ -60,7 +60,7 @@ table inet filter {
60		60
61		61
62	ct state invalid log level debug prefix "drop invalid input: " counter drop	62	ct state invalid log level debug prefix "drop invalid input: " counter drop
63		63
64		64
65	iifname lo counter accept	65	iifname lo counter accept
66	iif != lo ip daddr 127.0.0.1/8 counter reject	66	iif != lo ip daddr 127.0.0.1/8 counter reject
@@ -73,7 +73,7 @@ table inet filter {
73	udp dport 60000-61000 counter accept	73	udp dport 60000-61000 counter accept
74		74
75		75
76	ct state {established, related} counter name established-rx accept	76	ct state {established, related} counter accept
77		77
78		78
79	limit name lim_reject log level debug prefix "drop input: " counter drop	79	limit name lim_reject log level debug prefix "drop input: " counter drop