From 5d879efa0c9ed73d7f6f19acebb87843c86a46e2 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 9 Dec 2025 10:27:01 +0100
Subject: changedetection.io

---
 hosts/vidhar/network/ruleset.nft | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'hosts/vidhar/network')

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index dd750394..44b6b7a9 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -61,6 +61,7 @@ table inet filter {
   counter fw-lan {}
   counter fw-ppp {}
   counter fw-kimai {}
+  counter fw-podman {}
 
   counter fw-cups {}
 
@@ -97,6 +98,7 @@ table inet filter {
   counter hledger-rx {}
   counter audiobookshelf-rx {}
   counter kimai-rx {}
+  counter changedetection-rx {}
 
   counter established-rx {}
 
@@ -130,6 +132,7 @@ table inet filter {
   counter hledger-tx {}
   counter audiobookshelf-tx {}
   counter kimai-tx {}
+  counter changedetection-tx {}
 
   counter tx {}
 
@@ -154,9 +157,11 @@ table inet filter {
     oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
     iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept
     iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept
+    iifname podman0 ip saddr 10.88.0.5 oifname @pppInterface@ counter name fw-podman accept
 
     iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept
     iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept
+    iifname @pppInterface@ oifname podman0 ip daddr 10.88.0.5 ct state { established, related } counter name fw-podman accept
 
     iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
     iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
@@ -187,7 +192,7 @@ table inet filter {
     iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
     iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
 
-    iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
+    iifname { lan, mgmt, wifibh, yggdrasil, podman0 } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
 
     iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
 
@@ -214,6 +219,7 @@ table inet filter {
     iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept
     iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept
     iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept
+    iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept
 
     ct state { established, related } counter name established-rx accept
 
@@ -266,6 +272,7 @@ table inet filter {
     iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept
     iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept
     iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept
+    iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept
 
 
     counter name tx
-- 
cgit v1.2.3