1 files changed, 36 insertions, 36 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 7897fb3d..dd750394 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -5,15 +5,15 @@ table arp filter {
  limit lim_arp_local {
    rate over 50 mbytes/second burst 50 mbytes
  }
-  limit lim_arp_gpon {
+  limit lim_arp_ppp {
    rate over 7500 kbytes/second burst 7500 kbytes
  }
  counter arp-rx {}
  counter arp-tx {}
-  counter arp-ratelimit-gpon-rx {}
+  counter arp-ratelimit-ppp-rx {}
-  counter arp-ratelimit-gpon-tx {}
+  counter arp-ratelimit-ppp-tx {}
  counter arp-ratelimit-local-rx {}
  counter arp-ratelimit-local-tx {}
@@ -22,8 +22,8 @@ table arp filter {
    type filter hook input priority filter
    policy accept
-    iifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-rx drop
+    iifname != @pppInterface@ limit name lim_arp_local counter name arp-ratelimit-local-rx drop
-    iifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-rx drop
+    iifname @pppInterface@ limit name lim_arp_ppp counter name arp-ratelimit-ppp-rx drop
    counter name arp-rx
  }
@@ -32,8 +32,8 @@ table arp filter {
    type filter hook output priority filter
    policy accept
-    oifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-tx drop
+    oifname != @pppInterface@ limit name lim_arp_local counter name arp-ratelimit-local-tx drop
-    oifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-tx drop
+    oifname @pppInterface@ limit name lim_arp_ppp counter name arp-ratelimit-ppp-tx drop
    counter name arp-tx
  }
@@ -47,11 +47,11 @@ table inet filter {
  limit lim_icmp_local {
    rate over 50 mbytes/second burst 50 mbytes
  }
-  limit lim_icmp_gpon {
+  limit lim_icmp_ppp {
    rate over 7500 kbytes/second burst 7500 kbytes
  }
-  counter icmp-ratelimit-gpon-fw {}
+  counter icmp-ratelimit-ppp-fw {}
  counter icmp-ratelimit-local-fw {}
  counter icmp-fw {}
@@ -59,7 +59,7 @@ table inet filter {
  counter invalid-fw {}
  counter fw-lo {}
  counter fw-lan {}
-  counter fw-gpon {}
+  counter fw-ppp {}
  counter fw-kimai {}
  counter fw-cups {}
@@ -75,7 +75,7 @@ table inet filter {
  counter invalid-local4-rx {}
  counter invalid-local6-rx {}
-  counter icmp-ratelimit-gpon-rx {}
+  counter icmp-ratelimit-ppp-rx {}
  counter icmp-ratelimit-local-rx {}
  counter icmp-rx {}
@@ -108,7 +108,7 @@ table inet filter {
  counter tx-lo {}
-  counter icmp-ratelimit-gpon-tx {}
+  counter icmp-ratelimit-ppp-tx {}
  counter icmp-ratelimit-local-tx {}
  counter icmp-tx {}
@@ -135,10 +135,10 @@ table inet filter {
  chain forward_icmp_accept {
-    oifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
+    oifname { @pppInterface@, bifrost } limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-fw drop
-    iifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
+    iifname { @pppInterface@, bifrost } limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-fw drop
-    oifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
+    oifname != { @pppInterface@, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
-    iifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
+    iifname != { @pppInterface@, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
    counter name icmp-fw accept
  }
  chain forward {
@@ -151,12 +151,12 @@ table inet filter {
    iifname lo counter name fw-lo accept
-    oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
+    oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
-    iifname lan oifname { gpon, bifrost } counter name fw-lan accept
+    iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept
-    iifname ve-kimai oifname gpon counter name fw-kimai accept
+    iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept
-    iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept
+    iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept
-    iifname gpon oifname ve-kimai ct state { established, related } counter name fw-kimai accept
+    iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept
    iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
    iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
@@ -180,22 +180,22 @@ table inet filter {
    iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
    iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject
-    iifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-rx drop
+    iifname { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-rx drop
-    iifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
+    iifname != { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
    meta l4proto $icmp_protos counter name icmp-rx accept
-    iifname { lan, mgmt, gpon, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
+    iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
-    iifname { lan, mgmt, gpon, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
+    iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
    iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
    iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
-    iifname { lan, mgmt, gpon } meta protocol ip udp dport 51820 counter name wg-rx accept
+    iifname { lan, mgmt, @pppInterface@ } meta protocol ip udp dport 51820 counter name wg-rx accept
-    iifname { lan, mgmt, gpon } meta protocol ip6 udp dport 51821 counter name wg-rx accept
+    iifname { lan, mgmt, @pppInterface@ } meta protocol ip6 udp dport 51821 counter name wg-rx accept
    iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
-    iifname gpon meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
+    iifname @pppInterface@ meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
    iifname mgmt udp dport 123 counter name ntp-rx accept
@@ -231,8 +231,8 @@ table inet filter {
    oifname lo counter name tx-lo accept
-    oifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-tx drop
+    oifname { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-tx drop
-    oifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
+    oifname != { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
    meta l4proto $icmp_protos counter name icmp-tx accept
@@ -273,7 +273,7 @@ table inet filter {
 }
 table inet nat {
-  counter gpon-nat {}
+  counter ppp-nat {}
  counter kimai-nat {}
  chain postrouting {
@@ -281,20 +281,20 @@ table inet nat {
    policy accept
-    meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade
+    meta nfproto ipv4 oifname @pppInterface@ counter name ppp-nat masquerade
-    iifname ve-kimai oifname gpon counter name kimai-nat masquerade
+    iifname ve-kimai oifname @pppInterface@ counter name kimai-nat masquerade
  }
 }
 table inet mss_clamp {
-  counter gpon-mss-clamp {}
+  counter ppp-mss-clamp {}
  chain postrouting {
    type filter hook postrouting priority mangle
    policy accept
-    oifname gpon tcp flags & (syn|rst) == syn counter name gpon-mss-clamp tcp option maxseg size set rt mtu
+    oifname @pppInterface@ tcp flags & (syn|rst) == syn counter name ppp-mss-clamp tcp option maxseg size set rt mtu
  }
 }
@@ -429,7 +429,7 @@ table inet dscpclassify {
    chain postrouting {
        type filter hook postrouting priority filter + 1; policy accept
-        oifname != gpon return
+        oifname != @pppInterface@ return
        ip dscp cs0 goto ct_set_cs0
        ip dscp lephb goto ct_set_lephb

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 7897fb3d..dd750394 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -5,15 +5,15 @@ table arp filter {
5	limit lim_arp_local {	5	limit lim_arp_local {
6	rate over 50 mbytes/second burst 50 mbytes	6	rate over 50 mbytes/second burst 50 mbytes
7	}	7	}
8	limit lim_arp_gpon {	8	limit lim_arp_ppp {
9	rate over 7500 kbytes/second burst 7500 kbytes	9	rate over 7500 kbytes/second burst 7500 kbytes
10	}	10	}
11		11
12	counter arp-rx {}	12	counter arp-rx {}
13	counter arp-tx {}	13	counter arp-tx {}
14		14
15	counter arp-ratelimit-gpon-rx {}	15	counter arp-ratelimit-ppp-rx {}
16	counter arp-ratelimit-gpon-tx {}	16	counter arp-ratelimit-ppp-tx {}
17		17
18	counter arp-ratelimit-local-rx {}	18	counter arp-ratelimit-local-rx {}
19	counter arp-ratelimit-local-tx {}	19	counter arp-ratelimit-local-tx {}
@@ -22,8 +22,8 @@ table arp filter {
22	type filter hook input priority filter	22	type filter hook input priority filter
23	policy accept	23	policy accept
24		24
25	iifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-rx drop	25	iifname != @pppInterface@ limit name lim_arp_local counter name arp-ratelimit-local-rx drop
26	iifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-rx drop	26	iifname @pppInterface@ limit name lim_arp_ppp counter name arp-ratelimit-ppp-rx drop
27		27
28	counter name arp-rx	28	counter name arp-rx
29	}	29	}
@@ -32,8 +32,8 @@ table arp filter {
32	type filter hook output priority filter	32	type filter hook output priority filter
33	policy accept	33	policy accept
34		34
35	oifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-tx drop	35	oifname != @pppInterface@ limit name lim_arp_local counter name arp-ratelimit-local-tx drop
36	oifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-tx drop	36	oifname @pppInterface@ limit name lim_arp_ppp counter name arp-ratelimit-ppp-tx drop
37		37
38	counter name arp-tx	38	counter name arp-tx
39	}	39	}
@@ -47,11 +47,11 @@ table inet filter {
47	limit lim_icmp_local {	47	limit lim_icmp_local {
48	rate over 50 mbytes/second burst 50 mbytes	48	rate over 50 mbytes/second burst 50 mbytes
49	}	49	}
50	limit lim_icmp_gpon {	50	limit lim_icmp_ppp {
51	rate over 7500 kbytes/second burst 7500 kbytes	51	rate over 7500 kbytes/second burst 7500 kbytes
52	}	52	}
53		53
54	counter icmp-ratelimit-gpon-fw {}	54	counter icmp-ratelimit-ppp-fw {}
55	counter icmp-ratelimit-local-fw {}	55	counter icmp-ratelimit-local-fw {}
56		56
57	counter icmp-fw {}	57	counter icmp-fw {}
@@ -59,7 +59,7 @@ table inet filter {
59	counter invalid-fw {}	59	counter invalid-fw {}
60	counter fw-lo {}	60	counter fw-lo {}
61	counter fw-lan {}	61	counter fw-lan {}
62	counter fw-gpon {}	62	counter fw-ppp {}
63	counter fw-kimai {}	63	counter fw-kimai {}
64		64
65	counter fw-cups {}	65	counter fw-cups {}
@@ -75,7 +75,7 @@ table inet filter {
75	counter invalid-local4-rx {}	75	counter invalid-local4-rx {}
76	counter invalid-local6-rx {}	76	counter invalid-local6-rx {}
77		77
78	counter icmp-ratelimit-gpon-rx {}	78	counter icmp-ratelimit-ppp-rx {}
79	counter icmp-ratelimit-local-rx {}	79	counter icmp-ratelimit-local-rx {}
80	counter icmp-rx {}	80	counter icmp-rx {}
81		81
@@ -108,7 +108,7 @@ table inet filter {
108		108
109	counter tx-lo {}	109	counter tx-lo {}
110		110
111	counter icmp-ratelimit-gpon-tx {}	111	counter icmp-ratelimit-ppp-tx {}
112	counter icmp-ratelimit-local-tx {}	112	counter icmp-ratelimit-local-tx {}
113	counter icmp-tx {}	113	counter icmp-tx {}
114		114
@@ -135,10 +135,10 @@ table inet filter {
135		135
136		136
137	chain forward_icmp_accept {	137	chain forward_icmp_accept {
138	oifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop	138	oifname { @pppInterface@, bifrost } limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-fw drop
139	iifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop	139	iifname { @pppInterface@, bifrost } limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-fw drop
140	oifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop	140	oifname != { @pppInterface@, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
141	iifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop	141	iifname != { @pppInterface@, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
142	counter name icmp-fw accept	142	counter name icmp-fw accept
143	}	143	}
144	chain forward {	144	chain forward {
@@ -151,12 +151,12 @@ table inet filter {
151		151
152	iifname lo counter name fw-lo accept	152	iifname lo counter name fw-lo accept
153		153
154	oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept	154	oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
155	iifname lan oifname { gpon, bifrost } counter name fw-lan accept	155	iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept
156	iifname ve-kimai oifname gpon counter name fw-kimai accept	156	iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept
157		157
158	iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept	158	iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept
159	iifname gpon oifname ve-kimai ct state { established, related } counter name fw-kimai accept	159	iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept
160		160
161	iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept	161	iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
162	iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept	162	iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
@@ -180,22 +180,22 @@ table inet filter {
180	iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject	180	iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
181	iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject	181	iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject
182		182
183	iifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-rx drop	183	iifname { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-rx drop
184	iifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop	184	iifname != { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
185	meta l4proto $icmp_protos counter name icmp-rx accept	185	meta l4proto $icmp_protos counter name icmp-rx accept
186		186
187	iifname { lan, mgmt, gpon, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept	187	iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
188	iifname { lan, mgmt, gpon, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept	188	iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
189		189
190	iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept	190	iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
191		191
192	iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept	192	iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
193		193
194	iifname { lan, mgmt, gpon } meta protocol ip udp dport 51820 counter name wg-rx accept	194	iifname { lan, mgmt, @pppInterface@ } meta protocol ip udp dport 51820 counter name wg-rx accept
195	iifname { lan, mgmt, gpon } meta protocol ip6 udp dport 51821 counter name wg-rx accept	195	iifname { lan, mgmt, @pppInterface@ } meta protocol ip6 udp dport 51821 counter name wg-rx accept
196	iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept	196	iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
197		197
198	iifname gpon meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept	198	iifname @pppInterface@ meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
199		199
200	iifname mgmt udp dport 123 counter name ntp-rx accept	200	iifname mgmt udp dport 123 counter name ntp-rx accept
201		201
@@ -231,8 +231,8 @@ table inet filter {
231		231
232	oifname lo counter name tx-lo accept	232	oifname lo counter name tx-lo accept
233		233
234	oifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-tx drop	234	oifname { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_ppp counter name icmp-ratelimit-ppp-tx drop
235	oifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop	235	oifname != { bifrost, @pppInterface@ } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
236	meta l4proto $icmp_protos counter name icmp-tx accept	236	meta l4proto $icmp_protos counter name icmp-tx accept
237		237
238		238
@@ -273,7 +273,7 @@ table inet filter {
273	}	273	}
274		274
275	table inet nat {	275	table inet nat {
276	counter gpon-nat {}	276	counter ppp-nat {}
277	counter kimai-nat {}	277	counter kimai-nat {}
278		278
279	chain postrouting {	279	chain postrouting {
@@ -281,20 +281,20 @@ table inet nat {
281	policy accept	281	policy accept
282		282
283		283
284	meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade	284	meta nfproto ipv4 oifname @pppInterface@ counter name ppp-nat masquerade
285	iifname ve-kimai oifname gpon counter name kimai-nat masquerade	285	iifname ve-kimai oifname @pppInterface@ counter name kimai-nat masquerade
286	}	286	}
287	}	287	}
288		288
289	table inet mss_clamp {	289	table inet mss_clamp {
290	counter gpon-mss-clamp {}	290	counter ppp-mss-clamp {}
291		291
292	chain postrouting {	292	chain postrouting {
293	type filter hook postrouting priority mangle	293	type filter hook postrouting priority mangle
294	policy accept	294	policy accept
295		295
296		296
297	oifname gpon tcp flags & (syn\|rst) == syn counter name gpon-mss-clamp tcp option maxseg size set rt mtu	297	oifname @pppInterface@ tcp flags & (syn\|rst) == syn counter name ppp-mss-clamp tcp option maxseg size set rt mtu
298	}	298	}
299	}	299	}
300		300
@@ -429,7 +429,7 @@ table inet dscpclassify {
429	chain postrouting {	429	chain postrouting {
430	type filter hook postrouting priority filter + 1; policy accept	430	type filter hook postrouting priority filter + 1; policy accept
431		431
432	oifname != gpon return	432	oifname != @pppInterface@ return
433		433
434	ip dscp cs0 goto ct_set_cs0	434	ip dscp cs0 goto ct_set_cs0
435	ip dscp lephb goto ct_set_lephb	435	ip dscp lephb goto ct_set_lephb