Diffstat (limited to 'hosts/surtr/ruleset.nft')
-rw-r--r--hosts/surtr/ruleset.nft6
1 files changed, 4 insertions, 2 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 9d6fd373..998bd037 100644
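--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -44,10 +44,12 @@ table inet filter {
 
 iifname lo counter accept
 
-meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname ens3 limit name lim_icmp counter drop
-meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname ens3 counter accept
+meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname {bifrost, ens3} limit name lim_icmp counter drop
+meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname {bifrost, ens3} counter accept
 meta l4proto $icmp_protos ct state {established, related} limit name lim_icmp counter drop
 meta l4proto $icmp_protos ct state {established, related} counter accept
+meta l4proto $icmp_protos oifname bifrost limit name lim_icmp counter drop
+meta l4proto $icmp_protos oifname bifrost counter accept
 
 
 oifname bifrost counter accept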
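Review bot: The new pair at new lines 51–52 (`meta l4proto $icmp_protos oifname bifrost limit name lim_icmp counter drop` / `... counter accept`) matches ICMP from any input interface and draws on the same named limit `lim_icmp` as the established/related pair at lines 49–50. Named limits are shared objects, so if `lim_icmp` is a single bucket (its definition is outside this hunk), a burst of unsolicited ICMP towards bifrost can exhaust the budget and cause ICMP errors belonging to existing flows, such as fragmentation-needed, to be dropped as well. Consider giving the new pair its own limit object, e.g. `limit name <LIM_ICMP_BIFROST>` (placeholder name), and a comment such as `# rate-limit ICMP to bifrost ahead of the blanket "oifname bifrost accept" below`. With that pair present, adding `bifrost` to the `oifname` set on lines 47–48 looks redundant, since both pairs apply the same limit and the same verdict. The enclosing chain starts and ends outside the hunk, so its hook and default policy should be checked against this reading.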