1 files changed, 3 insertions, 0 deletions
diff --git a/installer/ruleset.nft b/installer/ruleset.nft
index 4de54dd7..803ce9fd 100644
--- a/installer/ruleset.nft
+++ b/installer/ruleset.nft
@@ -73,6 +73,9 @@ table inet filter {
    udp dport 60000-61000 counter accept
+    ct state {established, related} counter name established-rx accept
    limit name lim_reject log level debug prefix "drop input: " counter drop
    log level debug prefix "reject input: " counter
    meta l4proto tcp ct state new counter reject with tcp reset

diff --git a/installer/ruleset.nft b/installer/ruleset.nft index 4de54dd7..803ce9fd 100644 --- a/installer/ruleset.nft +++ b/installer/ruleset.nft
@@ -73,6 +73,9 @@ table inet filter {
73	udp dport 60000-61000 counter accept	73	udp dport 60000-61000 counter accept
74		74
75		75
		76	ct state {established, related} counter name established-rx accept
		77
		78
76	limit name lim_reject log level debug prefix "drop input: " counter drop	79	limit name lim_reject log level debug prefix "drop input: " counter drop
77	log level debug prefix "reject input: " counter	80	log level debug prefix "reject input: " counter
78	meta l4proto tcp ct state new counter reject with tcp reset	81	meta l4proto tcp ct state new counter reject with tcp reset