1 files changed, 11 insertions, 5 deletions

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 9135327f..53ae3c92 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -42,6 +42,13 @@ table inet filter {
   }
 
 
+  chain forward_icmp_accept {
+    oifname dsl limit name lim_icmp_dsl counter drop
+    iifname dsl limit name lim_icmp_dsl counter drop
+    oifname != dsl limit name lim_icmp_local counter drop
+    iifname != dsl limit name lim_icmp_local counter drop
+    counter accept
+  }
   chain forward {
     type filter hook forward priority filter
     policy drop
@@ -52,11 +59,7 @@ table inet filter {
 
     iifname lo counter accept
 
-    oifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
-    iifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
-    oifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
-    iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
-    meta l4proto $icmp_protos counter accept
+    oifname {eno1, dsl} meta l4proto $icmp_protos forward_icmp_accept
 
     iifname eno1 oifname dsl counter accept
     iifname dsl oifname eno1 ct state {established, related} counter accept
@@ -104,6 +107,9 @@ table inet filter {
 
     iifname {eno1, mgmt} udp dport 67 counter accept
 
+    iifname eno1 udp dport { 137, 138, 3702 } counter accept
+    iifname eno1 tcp dport { 445, 139, 5357 } counter accept
+
     ct state {established, related} counter accept