From 111d4765d2a3cd55f7eaaf6e011f6d09b8395afb Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 14 Dec 2021 09:13:33 +0100
Subject: nftables: ...
---
 hosts/surtr/ruleset.nft | 4 +++-
 hosts/vidhar/ruleset.nft | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index a66d7193..cb41f1cf 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -73,9 +73,11 @@ table inet filter {
 meta l4proto $icmp_protos counter accept
 tcp dport 22 counter accept
+ udp dport 60001-61000 counter accept
+ meta protocol ip udp dport 51820 counter accept
 meta protocol ip6 udp dport 51821 counter accept
- udp dport 60001-61000 counter accept
+ iifname "yggdrasil-wg-*" meta l4proto gre counter accept
 tcp dport 53 counter accept
 udp dport 53 counter accept
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index b9c672bc..d1689fd6 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -89,9 +89,11 @@ table inet filter {
 meta l4proto $icmp_protos counter accept
 tcp dport 22 counter accept
- meta protocol ip udp dport 51820 counter accept
 udp dport 60001-61000 counter accept
+ meta protocol ip udp dport 51820 counter accept
+ iifname "yggdrasil-wg-*" meta l4proto gre counter accept
+ iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept
 ct state {established, related} counter accept
--
cgit v1.2.3
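Review bot: The new `iifname "yggdrasil-wg-*" meta l4proto gre counter accept` rule in the hosts/surtr/ruleset.nft hunk, and the identical line in the hosts/vidhar/ruleset.nft hunk, accepts GRE on every interface whose name starts with `yggdrasil-wg-` without any source-address match. The wildcard also covers tunnel interfaces added later, so the set of hosts allowed to deliver GRE grows silently with the WireGuard configuration. If the GRE endpoints are fixed, pin them in the rule, for example `iifname "yggdrasil-wg-*" ip6 saddr $gre_peers meta l4proto gre counter accept`, where `$gre_peers` is a placeholder for a set this page does not define (use `ip saddr` if the outer addresses are IPv4). The subject line gives no rationale, so a comment above the rule such as `# GRE over the yggdrasil WireGuard links; keep in sync with the tunnel definitions` would record why the protocol is open. The enclosing chain begins outside both hunks, so this assumes the rules sit in the input chain.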