1 files changed, 6 insertions, 2 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 51fcd498..4993b6b7 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -82,6 +82,7 @@ table inet filter {
  counter submissions-rx {}
  counter imaps-rx {}
  counter managesieve-rx {}
+  counter pgbackrest-rx {}
  counter established-rx {}
@@ -109,6 +110,7 @@ table inet filter {
  counter submissions-tx {}
  counter imaps-tx {}
  counter managesieve-tx {}
+  counter pgbackrest-tx {}
  counter tx {}
@@ -149,7 +151,7 @@ table inet filter {
    ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop
-    
    iifname lo counter name rx-lo accept
    iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
@@ -178,6 +180,7 @@ table inet filter {
    tcp dport 465 counter name submissions-rx accept
    tcp dport 993 counter name imaps-rx accept
    tcp dport 4190 counter name managesieve-rx accept
+    iifname yggdrasil tcp dport 8432 counter name pgbackrest-rx accept
    ct state {established, related} counter name established-rx accept
@@ -222,7 +225,8 @@ table inet filter {
    tcp sport 465 counter name submissions-tx accept
    tcp sport 993 counter name imaps-tx accept
    tcp sport 4190 counter name managesieve-tx accept
-    
+    tcp sport 8432 counter name pgbackrest-tx accept
    counter name tx
  }

diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft index 51fcd498..4993b6b7 100644 --- a/hosts/surtr/ruleset.nft +++ b/hosts/surtr/ruleset.nft
@@ -82,6 +82,7 @@ table inet filter {
82	counter submissions-rx {}	82	counter submissions-rx {}
83	counter imaps-rx {}	83	counter imaps-rx {}
84	counter managesieve-rx {}	84	counter managesieve-rx {}
		85	counter pgbackrest-rx {}
85		86
86	counter established-rx {}	87	counter established-rx {}
87		88
@@ -109,6 +110,7 @@ table inet filter {
109	counter submissions-tx {}	110	counter submissions-tx {}
110	counter imaps-tx {}	111	counter imaps-tx {}
111	counter managesieve-tx {}	112	counter managesieve-tx {}
		113	counter pgbackrest-tx {}
112		114
113	counter tx {}	115	counter tx {}
114		116
@@ -149,7 +151,7 @@ table inet filter {
149		151
150		152
151	ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop	153	ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop
152		154
153		155
154	iifname lo counter name rx-lo accept	156	iifname lo counter name rx-lo accept
155	iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject	157	iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
@@ -178,6 +180,7 @@ table inet filter {
178	tcp dport 465 counter name submissions-rx accept	180	tcp dport 465 counter name submissions-rx accept
179	tcp dport 993 counter name imaps-rx accept	181	tcp dport 993 counter name imaps-rx accept
180	tcp dport 4190 counter name managesieve-rx accept	182	tcp dport 4190 counter name managesieve-rx accept
		183	iifname yggdrasil tcp dport 8432 counter name pgbackrest-rx accept
181		184
182	ct state {established, related} counter name established-rx accept	185	ct state {established, related} counter name established-rx accept
183		186
@@ -222,7 +225,8 @@ table inet filter {
222	tcp sport 465 counter name submissions-tx accept	225	tcp sport 465 counter name submissions-tx accept
223	tcp sport 993 counter name imaps-tx accept	226	tcp sport 993 counter name imaps-tx accept
224	tcp sport 4190 counter name managesieve-tx accept	227	tcp sport 4190 counter name managesieve-tx accept
225		228	tcp sport 8432 counter name pgbackrest-tx accept
		229
226		230
227	counter name tx	231	counter name tx
228	}	232	}