summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/vidhar/ruleset.nft10
1 files changed, 10 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 5263f97e..fec7b536 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -21,6 +21,9 @@ table inet filter {
21 log prefix "reject forward: " counter 21 log prefix "reject forward: " counter
22 meta l4proto tcp ct state new counter reject with tcp reset 22 meta l4proto tcp ct state new counter reject with tcp reset
23 ct state new counter reject 23 ct state new counter reject
24
25
26 counter
24 } 27 }
25 28
26 chain input { 29 chain input {
@@ -49,6 +52,9 @@ table inet filter {
49 log prefix "reject input: " counter 52 log prefix "reject input: " counter
50 meta l4proto tcp ct state new counter reject with tcp reset 53 meta l4proto tcp ct state new counter reject with tcp reset
51 ct state new counter reject 54 ct state new counter reject
55
56
57 counter
52 } 58 }
53 59
54 chain output { 60 chain output {
@@ -64,8 +70,10 @@ table ip nat {
64 type nat hook postrouting priority srcnat 70 type nat hook postrouting priority srcnat
65 policy accept 71 policy accept
66 72
73
67 oifname dsl counter masquerade 74 oifname dsl counter masquerade
68 75
76
69 counter 77 counter
70 } 78 }
71} 79}
@@ -75,8 +83,10 @@ table inet mangle {
75 type filter hook postrouting priority mangle 83 type filter hook postrouting priority mangle
76 policy accept 84 policy accept
77 85
86
78 oifname dsl meta l4proto tcp tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu 87 oifname dsl meta l4proto tcp tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
79 88
89
80 counter 90 counter
81 } 91 }
82} \ No newline at end of file 92} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 13:48:07 +0000