diff options
Diffstat (limited to 'hosts/vidhar/network/ruleset.nft')
| -rw-r--r-- | hosts/vidhar/network/ruleset.nft | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index dd750394..44b6b7a9 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft | |||
| @@ -61,6 +61,7 @@ table inet filter { | |||
| 61 | counter fw-lan {} | 61 | counter fw-lan {} |
| 62 | counter fw-ppp {} | 62 | counter fw-ppp {} |
| 63 | counter fw-kimai {} | 63 | counter fw-kimai {} |
| 64 | counter fw-podman {} | ||
| 64 | 65 | ||
| 65 | counter fw-cups {} | 66 | counter fw-cups {} |
| 66 | 67 | ||
| @@ -97,6 +98,7 @@ table inet filter { | |||
| 97 | counter hledger-rx {} | 98 | counter hledger-rx {} |
| 98 | counter audiobookshelf-rx {} | 99 | counter audiobookshelf-rx {} |
| 99 | counter kimai-rx {} | 100 | counter kimai-rx {} |
| 101 | counter changedetection-rx {} | ||
| 100 | 102 | ||
| 101 | counter established-rx {} | 103 | counter established-rx {} |
| 102 | 104 | ||
| @@ -130,6 +132,7 @@ table inet filter { | |||
| 130 | counter hledger-tx {} | 132 | counter hledger-tx {} |
| 131 | counter audiobookshelf-tx {} | 133 | counter audiobookshelf-tx {} |
| 132 | counter kimai-tx {} | 134 | counter kimai-tx {} |
| 135 | counter changedetection-tx {} | ||
| 133 | 136 | ||
| 134 | counter tx {} | 137 | counter tx {} |
| 135 | 138 | ||
| @@ -154,9 +157,11 @@ table inet filter { | |||
| 154 | oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept | 157 | oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept |
| 155 | iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept | 158 | iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept |
| 156 | iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept | 159 | iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept |
| 160 | iifname podman0 ip saddr 10.88.0.5 oifname @pppInterface@ counter name fw-podman accept | ||
| 157 | 161 | ||
| 158 | iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept | 162 | iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept |
| 159 | iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept | 163 | iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept |
| 164 | iifname @pppInterface@ oifname podman0 ip daddr 10.88.0.5 ct state { established, related } counter name fw-podman accept | ||
| 160 | 165 | ||
| 161 | iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept | 166 | iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept |
| 162 | iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept | 167 | iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept |
| @@ -187,7 +192,7 @@ table inet filter { | |||
| 187 | iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept | 192 | iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept |
| 188 | iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept | 193 | iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept |
| 189 | 194 | ||
| 190 | iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept | 195 | iifname { lan, mgmt, wifibh, yggdrasil, podman0 } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept |
| 191 | 196 | ||
| 192 | iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept | 197 | iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept |
| 193 | 198 | ||
| @@ -214,6 +219,7 @@ table inet filter { | |||
| 214 | iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept | 219 | iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept |
| 215 | iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept | 220 | iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept |
| 216 | iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept | 221 | iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept |
| 222 | iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept | ||
| 217 | 223 | ||
| 218 | ct state { established, related } counter name established-rx accept | 224 | ct state { established, related } counter name established-rx accept |
| 219 | 225 | ||
| @@ -266,6 +272,7 @@ table inet filter { | |||
| 266 | iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept | 272 | iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept |
| 267 | iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept | 273 | iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept |
| 268 | iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept | 274 | iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept |
| 275 | iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept | ||
| 269 | 276 | ||
| 270 | 277 | ||
| 271 | counter name tx | 278 | counter name tx |