Diffstat (limited to 'hosts/surtr')
| -rw-r--r-- | hosts/surtr/ruleset.nft | 4 |
1 files changed, 2 insertions, 2 deletions
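--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -72,8 +72,6 @@ table inet filter {
 meta l4proto $icmp_protos limit name lim_icmp counter drop
 meta l4proto $icmp_protos counter accept
 
-ct state {established, related} counter accept
-
 tcp dport 22 counter accept
 meta protocol ip udp dport 51820 counter accept
 meta protocol ip6 udp dport 51821 counter accept
@@ -82,6 +80,8 @@ table inet filter {
 tcp dport 53 counter accept
 udp dport 53 counter accept
 
+ct state {established, related} counter accept
+
 
 limit name lim_reject log prefix "drop input: " counter drop
 log prefix "reject input: " counter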
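Review bot: The relocated `ct state {established, related} counter accept` now sits below the stateless `dport` accepts with nothing saying why the order matters, so a later tidy-up could move it back and silently change what the per-port counters measure. If the intent is for the service counters to see every packet of a flow rather than only the first (an inference, the commit does not say), state it above the rule, e.g. `# keep after the service accepts so per-port counters see whole flows`. Because the port rules match without `ct state new`, packets that conntrack classifies as invalid are accepted on those ports too, as they were before the move; if no `ct state invalid counter drop` exists above this hunk, consider adding one ahead of the ICMP rules. The added blank line also leaves two consecutive blank lines before the `lim_reject` rule, and the chain itself starts and ends outside the hunk.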
