Diffstat (limited to 'hosts/vidhar/network/ruleset.nft')
-rw-r--r--hosts/vidhar/network/ruleset.nft14
1 files changed, 7 insertions, 7 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 4d829355..f6a2175c 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -136,7 +136,7 @@ table inet filter {
136 oifname {lan, dsl} meta l4proto $icmp_protos jump forward_icmp_accept 136 oifname {lan, dsl} meta l4proto $icmp_protos jump forward_icmp_accept
137 137
138 iifname lan oifname dsl counter name fw-lan accept 138 iifname lan oifname dsl counter name fw-lan accept
139 iifname dsl oifname lan ct state {established, related} counter name fw-dsl accept 139 iifname dsl oifname { lan, dmz01 } ct state {established, related} counter name fw-dsl accept
140 140
141 141
142 142
@@ -162,14 +162,14 @@ table inet filter {
162 iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop 162 iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
163 meta l4proto $icmp_protos counter name icmp-rx accept 163 meta l4proto $icmp_protos counter name icmp-rx accept
164 164
165 tcp dport 22 counter name ssh-rx accept 165 iifname { lan, mgmt, dsl } tcp dport 22 counter name ssh-rx accept
166 udp dport 60001-61000 counter name mosh-rx accept 166 iifname { lan, mgmt, dsl } udp dport 60001-61000 counter name mosh-rx accept
167 167
168 iifname lan tcp dport 53 counter name dns-rx accept 168 iifname { lan, mgmt, dmz01 } tcp dport 53 counter name dns-rx accept
169 iifname lan udp dport 53 counter name dns-rx accept 169 iifname { lan, mgmt, dmz01 } udp dport 53 counter name dns-rx accept
170 170
171 meta protocol ip udp dport 51820 counter name wg-rx accept 171 iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept
172 meta protocol ip6 udp dport 51821 counter name wg-rx accept 172 iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept
173 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept 173 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
174 174
175 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept 175 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
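Review bot: The second hunk spells out the interface set `{ lan, mgmt, dsl }` on four rules (new lines 165, 166, 171, 172) and `{ lan, mgmt, dmz01 }` on two (168, 169), so a later interface change that misses one line silently leaves that service scoped differently from its siblings. The file already uses a variable (`$icmp_protos`), so the same mechanism would fit here, e.g. `define ifs_remote_access = { lan, mgmt, dsl }` with `iifname $ifs_remote_access tcp dport 22 counter name ssh-rx accept` (the variable name is only a suggestion). Separately, `dsl` stays in the ssh and mosh sets and those rules carry no `limit`, unlike the ICMP rule on line 162. If `dsl` is the upstream interface, as the DHCPv6-PD rule on line 175 suggests, a comment such as `# ssh/mosh reachable from dsl on purpose` would record that the exposure is intended. The enclosing chain starts and ends outside the hunk.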