diff options
Diffstat (limited to 'hosts/surtr')
| -rw-r--r-- | hosts/surtr/ruleset.nft | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft index 9d6fd373..998bd037 100644 --- a/hosts/surtr/ruleset.nft +++ b/hosts/surtr/ruleset.nft | |||
| @@ -44,10 +44,12 @@ table inet filter { | |||
| 44 | 44 | ||
| 45 | iifname lo counter accept | 45 | iifname lo counter accept |
| 46 | 46 | ||
| 47 | meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname ens3 limit name lim_icmp counter drop | 47 | meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname {bifrost, ens3} limit name lim_icmp counter drop |
| 48 | meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname ens3 counter accept | 48 | meta l4proto $icmp_protos iifname {yggdrasil, bifrost} oifname {bifrost, ens3} counter accept |
| 49 | meta l4proto $icmp_protos ct state {established, related} limit name lim_icmp counter drop | 49 | meta l4proto $icmp_protos ct state {established, related} limit name lim_icmp counter drop |
| 50 | meta l4proto $icmp_protos ct state {established, related} counter accept | 50 | meta l4proto $icmp_protos ct state {established, related} counter accept |
| 51 | meta l4proto $icmp_protos oifname bifrost limit name lim_icmp counter drop | ||
| 52 | meta l4proto $icmp_protos oifname bifrost counter accept | ||
| 51 | 53 | ||
| 52 | 54 | ||
| 53 | oifname bifrost counter accept | 55 | oifname bifrost counter accept |