-rw-r--r--hosts/vidhar/ruleset.nft12
1 files changed, 9 insertions, 3 deletions
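diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 5a6d2c4e..f4e2aa94 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -24,8 +24,8 @@ table inet filter {
 iifname eno1 oifname dsl counter accept
 iifname dsl oifname eno1 ct state {established, related} counter accept
 
-oifname != dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_local accept
-oifname dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_dsl accept
+oifname != dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_local counter accept
+oifname dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_dsl counter accept
 
 
 limit name lim_reject log prefix "drop forward: " counter drop
@@ -72,7 +72,13 @@ table inet filter {
 
 chain output {
 type filter hook output priority filter
-policy accept
+policy drop
+
+
+oifname != dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_local counter accept
+oifname dsl meta l4proto { ipv6-icmp, icmp, igmp } limit name lim_icmp_dsl counter accept
+
+meta l4proto != { ipv6-icmp, icmp, igmp } counter drop
 
 counter
 }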
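Review bot: The new `meta l4proto != { ipv6-icmp, icmp, igmp } counter drop` rule in `chain output` discards every TCP and UDP packet the host itself sends, loopback traffic and replies on already-accepted inbound connections included, because nothing before it accepts `oifname lo` or `ct state {established, related}`. The input chain is not visible here, so this may be an intended lockdown; if it is not, add `oifname lo accept` and `ct state {established, related} counter accept` ahead of the drop. Either way the drop is silent, unlike the forward chain's final rule; `limit name lim_reject log prefix "drop output: " counter drop` would leave a record of unexpected egress attempts from the host. A short comment above `policy drop` saying that the host is meant to originate ICMP/IGMP only would also help the next reader.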