Diffstat (limited to 'hosts/vidhar/network/ruleset.nft')
-rw-r--r--hosts/vidhar/network/ruleset.nft18
1 files changed, 5 insertions, 13 deletions
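diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 2080cf64..833013e9 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -59,7 +59,6 @@ table inet filter {
 counter fw-lo {}
 counter fw-lan {}
 counter fw-dsl {}
-counter fw-printing {}
 
 counter fw-cups {}
 
@@ -140,16 +139,9 @@ table inet filter {
 
 iifname lo counter name fw-lo accept
 
-oifname { lan, dsl, bifrost, ve-printing } meta l4proto $icmp_protos jump forward_icmp_accept
+oifname { lan, dsl, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
 iifname lan oifname { dsl, bifrost } counter name fw-lan accept
 
-iifname lan oifname ve-printing ip daddr 10.141.5.1 tcp dport 631 counter name fw-cups accept
-iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:5::1 tcp dport 631 counter name fw-cups accept
-
-# iifname ve-printing oifname dsl meta l4proto . th dport { tcp . 80, tcp . 443 } counter name fw-printing accept
-# iifname dsl oifname ve-printing ct state { established, related } counter name fw-dsl accept
-
-iifname ve-printing oifname lan ct state { established, related } counter name fw-printing accept
 iifname dsl oifname lan ct state { established, related } counter name fw-dsl accept
 
 
@@ -178,7 +170,7 @@ table inet filter {
 iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
 iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
 
-iifname { lan, mgmt, wifibh, yggdrasil, ve-printing } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
+iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
 
 iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
 
@@ -188,7 +180,7 @@ table inet filter {
 
 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
 
-iifname { mgmt, ve-printing } udp dport 123 counter name ntp-rx accept
+iifname mgmt udp dport 123 counter name ntp-rx accept
 
 iifname { lan, mgmt, wifibh } udp dport 67 counter name dhcp-rx accept
 
@@ -255,7 +247,7 @@ table inet filter {
 
 table inet nat {
 counter dsl-nat {}
-counter container-nat {}
+# counter container-nat {}
 
 chain postrouting {
 type nat hook postrouting priority srcnat
@@ -263,7 +255,7 @@ table inet nat {
 
 
 meta nfproto ipv4 oifname dsl counter name dsl-nat masquerade
-iifname ve-* oifname dsl counter name container-nat masquerade
+# iifname ve-* oifname dsl counter name container-nat masquerade
 }
 }
 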
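Review bot: The named counter `fw-cups` on new line 63 survives although both rules that referenced it, the two `... tcp dport 631 counter name fw-cups accept` forwards, are deleted in the second hunk; unless a rule outside these hunks still names it, it is now an unreferenced object and should go the way of `counter fw-printing {}`. The nat table is also handled differently from the filter table: `counter container-nat {}` and `iifname ve-* oifname dsl counter name container-nat masquerade` are commented out rather than removed, which leaves two cleanup styles in one commit. If the comment-out is meant as a placeholder for future containers, a one-line comment such as `# kept for the next ve-* container; re-enable together with its forward rules` would explain why the wildcard rule stays in the file. Since the preceding `meta nfproto ipv4 oifname dsl ... masquerade` already covers IPv4, the disabled rule appears to have only affected IPv6 leaving `ve-*` interfaces, so it is worth confirming that no remaining container relied on it.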