From 2a45b6837ea381c893d0ebde2f8cce2897331c35 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 24 May 2025 20:26:52 +0200
Subject: kimai

---
 hosts/vidhar/network/ruleset.nft | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'hosts/vidhar/network/ruleset.nft')

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 6b0ac9fc..7897fb3d 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -60,6 +60,7 @@ table inet filter {
   counter fw-lo {}
   counter fw-lan {}
   counter fw-gpon {}
+  counter fw-kimai {}
 
   counter fw-cups {}
 
@@ -95,6 +96,7 @@ table inet filter {
   counter paperless-rx {}
   counter hledger-rx {}
   counter audiobookshelf-rx {}
+  counter kimai-rx {}
 
   counter established-rx {}
 
@@ -127,6 +129,7 @@ table inet filter {
   counter paperless-tx {}
   counter hledger-tx {}
   counter audiobookshelf-tx {}
+  counter kimai-tx {}
 
   counter tx {}
 
@@ -150,8 +153,13 @@ table inet filter {
 
     oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
     iifname lan oifname { gpon, bifrost } counter name fw-lan accept
+    iifname ve-kimai oifname gpon counter name fw-kimai accept
 
     iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept
+    iifname gpon oifname ve-kimai ct state { established, related } counter name fw-kimai accept
+
+    iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
+    iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
 
 
     limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -266,7 +274,7 @@ table inet filter {
 
 table inet nat {
   counter gpon-nat {}
-  # counter container-nat {}
+  counter kimai-nat {}
 
   chain postrouting {
     type nat hook postrouting priority srcnat
@@ -274,7 +282,7 @@ table inet nat {
 
 
     meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade
-    # iifname ve-* oifname gpon counter name container-nat masquerade
+    iifname ve-kimai oifname gpon counter name kimai-nat masquerade
   }
 }
 
-- 
cgit v1.2.3