1 files changed, 17 insertions, 0 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index c4c2fbe6..901ecb4f 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -248,11 +248,28 @@ table bridge filter {
    policy drop
+    log level debug prefix "bridge forward: "
    ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop
    iifname "wifibh01.lan" counter name wifibh-fw accept
    iifname "eno2.lan" counter name lan-fw accept
  }
+  chain input {
+    type filter hook input priority filter
+    policy accept
+    
+    log level debug prefix "bridge input: "
+  }
+  chain output {
+    type filter hook output priority filter
+    policy accept
+    
+    log level debug prefix "bridge output: "
+  }
 }
 table ip nat {

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index c4c2fbe6..901ecb4f 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -248,11 +248,28 @@ table bridge filter {
248	policy drop	248	policy drop
249		249
250		250
		251	log level debug prefix "bridge forward: "
		252
		253
251	ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop	254	ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop
252		255
253	iifname "wifibh01.lan" counter name wifibh-fw accept	256	iifname "wifibh01.lan" counter name wifibh-fw accept
254	iifname "eno2.lan" counter name lan-fw accept	257	iifname "eno2.lan" counter name lan-fw accept
255	}	258	}
		259
		260	chain input {
		261	type filter hook input priority filter
		262	policy accept
		263
		264	log level debug prefix "bridge input: "
		265	}
		266
		267	chain output {
		268	type filter hook output priority filter
		269	policy accept
		270
		271	log level debug prefix "bridge output: "
		272	}
256	}	273	}
257		274
258	table ip nat {	275	table ip nat {