From 111d4765d2a3cd55f7eaaf6e011f6d09b8395afb Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 14 Dec 2021 09:13:33 +0100
Subject: nftables: ...

---
 hosts/surtr/ruleset.nft | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'hosts/surtr')

diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index a66d7193..cb41f1cf 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -73,9 +73,11 @@ table inet filter {
     meta l4proto $icmp_protos counter accept
 
     tcp dport 22 counter accept
+    udp dport 60001-61000 counter accept
+
     meta protocol ip udp dport 51820 counter accept
     meta protocol ip6 udp dport 51821 counter accept
-    udp dport 60001-61000 counter accept
+    iifname "yggdrasil-wg-*" meta l4proto gre counter accept
 
     tcp dport 53 counter accept
     udp dport 53 counter accept
-- 
cgit v1.2.3