From 3206ce36cb1232e176715973c9bd443fd462b54b Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 5 Mar 2023 13:15:33 +0100
Subject: vidhar: remove printing
---
 hosts/vidhar/network/ruleset.nft | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)
(limited to 'hosts/vidhar/network')
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 2080cf64..833013e9 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -59,7 +59,6 @@ table inet filter {
 counter fw-lo {}
 counter fw-lan {}
 counter fw-dsl {}
- counter fw-printing {}
 counter fw-cups {}
@@ -140,16 +139,9 @@ table inet filter {
 iifname lo counter name fw-lo accept
- oifname { lan, dsl, bifrost, ve-printing } meta l4proto $icmp_protos jump forward_icmp_accept
+ oifname { lan, dsl, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
 iifname lan oifname { dsl, bifrost } counter name fw-lan accept
- iifname lan oifname ve-printing ip daddr 10.141.5.1 tcp dport 631 counter name fw-cups accept
- iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:5::1 tcp dport 631 counter name fw-cups accept
-
- # iifname ve-printing oifname dsl meta l4proto . th dport { tcp . 80, tcp . 443 } counter name fw-printing accept
- # iifname dsl oifname ve-printing ct state { established, related } counter name fw-dsl accept
-
- iifname ve-printing oifname lan ct state { established, related } counter name fw-printing accept
 iifname dsl oifname lan ct state { established, related } counter name fw-dsl accept
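Review bot: `counter fw-cups {}` stays declared (it is a context line of the `@@ -59,7 +59,6 @@` hunk) although the only rules shown that reference it, the two `tcp dport 631 ... counter name fw-cups accept` lines, are deleted in this hunk. Unless a rule outside the visible hunks still names it, the counter is now dead state that will read zero and suggests a CUPS forwarding path still exists when the ruleset is audited. I would remove `counter fw-cups {}` together with `counter fw-printing {}`. The forward chain begins and ends outside this hunk, so other users of the counter cannot be ruled out from here.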
@@ -178,7 +170,7 @@ table inet filter {
 iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
 iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
- iifname { lan, mgmt, wifibh, yggdrasil, ve-printing } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
+ iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
 iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
@@ -188,7 +180,7 @@ table inet filter {
 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
- iifname { mgmt, ve-printing } udp dport 123 counter name ntp-rx accept
+ iifname mgmt udp dport 123 counter name ntp-rx accept
 iifname { lan, mgmt, wifibh } udp dport 67 counter name dhcp-rx accept
@@ -255,7 +247,7 @@ table inet filter {
 table inet nat {
 counter dsl-nat {}
- counter container-nat {}
+ # counter container-nat {}
 chain postrouting {
 type nat hook postrouting priority srcnat
@@ -263,7 +255,7 @@ table inet nat {
 meta nfproto ipv4 oifname dsl counter name dsl-nat masquerade
- iifname ve-* oifname dsl counter name container-nat masquerade
+ # iifname ve-* oifname dsl counter name container-nat masquerade
 }
 }
--
cgit v1.2.3
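Review bot: The container NAT is commented out rather than deleted, both here (`# counter container-nat {}`) and in the following `@@ -263,7 +255,7 @@` hunk (`# iifname ve-* oifname dsl counter name container-nat masquerade`), and nothing says why the lines are kept. The disabled rule matched every `ve-*` interface, not only `ve-printing`, so any other container interface on this host that still leaves via `dsl` loses source NAT with this commit; whether one exists cannot be told from the hunks shown. If none remains, delete both lines so the ruleset holds no dormant wildcard masquerade that a later uncomment would silently re-enable. If they are kept as a template, put the reason above them, for example `# container NAT disabled: no ve-* interfaces left after printing removal`.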