From 68645f75136d6e82bfb7e27b50c531d1b416c4d5 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 30 Jan 2023 16:09:43 +0100
Subject: ...

---
 hosts/surtr/ruleset.nft | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'hosts/surtr/ruleset.nft')

diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index 4993b6b7..ee72614f 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -171,6 +171,7 @@ table inet filter {
     udp dport 53 counter name dns-rx accept
 
     tcp dport {80, 443, 8448} counter name http-rx accept
+    udp dport {443, 8448} counter name http-rx accept
 
     tcp dport {3478, 5349} counter name stun-rx accept
     udp dport {3478, 5349} counter name stun-rx accept
@@ -215,7 +216,8 @@ table inet filter {
     meta protocol ip6 udp sport {51821, 51822} counter name wg-tx
     iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-tx
 
-    tcp sport {80,443,8448} counter name http-tx accept
+    tcp sport {80, 443, 8448} counter name http-tx accept
+    udp sport {443, 8448} counter name http-tx accept
 
     tcp sport {3478, 5349} counter name stun-tx accept
     udp sport {3478, 5349} counter name stun-tx accept
-- 
cgit v1.2.3