Diffstat (limited to 'hosts/surtr/ruleset.nft')
-rw-r--r--hosts/surtr/ruleset.nft8
1 files changed, 6 insertions, 2 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 51fcd498..4993b6b7 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -82,6 +82,7 @@ table inet filter {
82 counter submissions-rx {} 82 counter submissions-rx {}
83 counter imaps-rx {} 83 counter imaps-rx {}
84 counter managesieve-rx {} 84 counter managesieve-rx {}
85 counter pgbackrest-rx {}
85 86
86 counter established-rx {} 87 counter established-rx {}
87 88
@@ -109,6 +110,7 @@ table inet filter {
109 counter submissions-tx {} 110 counter submissions-tx {}
110 counter imaps-tx {} 111 counter imaps-tx {}
111 counter managesieve-tx {} 112 counter managesieve-tx {}
113 counter pgbackrest-tx {}
112 114
113 counter tx {} 115 counter tx {}
114 116
@@ -149,7 +151,7 @@ table inet filter {
149 151
150 152
151 ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop 153 ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop
152 154
153 155
154 iifname lo counter name rx-lo accept 156 iifname lo counter name rx-lo accept
155 iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject 157 iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
@@ -178,6 +180,7 @@ table inet filter {
178 tcp dport 465 counter name submissions-rx accept 180 tcp dport 465 counter name submissions-rx accept
179 tcp dport 993 counter name imaps-rx accept 181 tcp dport 993 counter name imaps-rx accept
180 tcp dport 4190 counter name managesieve-rx accept 182 tcp dport 4190 counter name managesieve-rx accept
183 iifname yggdrasil tcp dport 8432 counter name pgbackrest-rx accept
181 184
182 ct state {established, related} counter name established-rx accept 185 ct state {established, related} counter name established-rx accept
183 186
@@ -222,7 +225,8 @@ table inet filter {
222 tcp sport 465 counter name submissions-tx accept 225 tcp sport 465 counter name submissions-tx accept
223 tcp sport 993 counter name imaps-tx accept 226 tcp sport 993 counter name imaps-tx accept
224 tcp sport 4190 counter name managesieve-tx accept 227 tcp sport 4190 counter name managesieve-tx accept
225 228 tcp sport 8432 counter name pgbackrest-tx accept
229
226 230
227 counter name tx 231 counter name tx
228 } 232 }
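Review bot: The new output rule at new line 228, `tcp sport 8432 counter name pgbackrest-tx accept`, is not scoped to an interface, while its input counterpart at new line 183 accepts port 8432 only on `iifname yggdrasil`. Writing it as `oifname yggdrasil tcp sport 8432 counter name pgbackrest-tx accept` would keep the two directions symmetric and keep the pgbackrest-tx counter limited to backup traffic. How much this matters depends on the output chain's policy and its earlier rules, which are outside the visible hunks. The input rule also admits every peer reachable over yggdrasil, so if that interface carries more than the backup host, a source-address match on the rule would narrow it further. Without one, access control rests entirely on the service listening on 8432.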