diff options
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index fec7b536..85094647 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
| @@ -9,6 +9,9 @@ table inet filter { | |||
| 9 | policy drop | 9 | policy drop |
| 10 | 10 | ||
| 11 | 11 | ||
| 12 | ct state invalid counter drop | ||
| 13 | |||
| 14 | |||
| 12 | iifname eno1 oifname dsl counter accept | 15 | iifname eno1 oifname dsl counter accept |
| 13 | iifname dsl oifname eno1 ct state {established, related} counter accept | 16 | iifname dsl oifname eno1 ct state {established, related} counter accept |
| 14 | 17 | ||
| @@ -31,6 +34,9 @@ table inet filter { | |||
| 31 | policy drop | 34 | policy drop |
| 32 | 35 | ||
| 33 | 36 | ||
| 37 | ct state invalid counter drop | ||
| 38 | |||
| 39 | |||
| 34 | iifname lo counter accept | 40 | iifname lo counter accept |
| 35 | iif != lo ip daddr 127.0.0.1/8 counter reject | 41 | iif != lo ip daddr 127.0.0.1/8 counter reject |
| 36 | iif != lo ip6 daddr ::1/128 counter reject | 42 | iif != lo ip6 daddr ::1/128 counter reject |