diff options
Diffstat (limited to 'hosts/surtr/ruleset.nft')
| -rw-r--r-- | hosts/surtr/ruleset.nft | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft index 4993b6b7..ee72614f 100644 --- a/hosts/surtr/ruleset.nft +++ b/hosts/surtr/ruleset.nft | |||
| @@ -171,6 +171,7 @@ table inet filter { | |||
| 171 | udp dport 53 counter name dns-rx accept | 171 | udp dport 53 counter name dns-rx accept |
| 172 | 172 | ||
| 173 | tcp dport {80, 443, 8448} counter name http-rx accept | 173 | tcp dport {80, 443, 8448} counter name http-rx accept |
| 174 | udp dport {443, 8448} counter name http-rx accept | ||
| 174 | 175 | ||
| 175 | tcp dport {3478, 5349} counter name stun-rx accept | 176 | tcp dport {3478, 5349} counter name stun-rx accept |
| 176 | udp dport {3478, 5349} counter name stun-rx accept | 177 | udp dport {3478, 5349} counter name stun-rx accept |
| @@ -215,7 +216,8 @@ table inet filter { | |||
| 215 | meta protocol ip6 udp sport {51821, 51822} counter name wg-tx | 216 | meta protocol ip6 udp sport {51821, 51822} counter name wg-tx |
| 216 | iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx | 217 | iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx |
| 217 | 218 | ||
| 218 | tcp sport {80,443,8448} counter name http-tx accept | 219 | tcp sport {80, 443, 8448} counter name http-tx accept |
| 220 | udp sport {443, 8448} counter name http-tx accept | ||
| 219 | 221 | ||
| 220 | tcp sport {3478, 5349} counter name stun-tx accept | 222 | tcp sport {3478, 5349} counter name stun-tx accept |
| 221 | udp sport {3478, 5349} counter name stun-tx accept | 223 | udp sport {3478, 5349} counter name stun-tx accept |