From d650b72c0f71142426106db4dd71b2e7c7c413a5 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 3 Jan 2025 17:29:55 +0100 Subject: immich --- hosts/vidhar/network/ruleset.nft | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'hosts/vidhar/network') diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 9f519302..10fd4c51 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft @@ -1,4 +1,5 @@ define icmp_protos = { ipv6-icmp, icmp, igmp } +define bifrost_surtr = 2a03:4000:52:ada:4::/128 table arp filter { limit lim_arp_local { @@ -90,6 +91,7 @@ table inet filter { counter http-rx {} counter tftp-rx {} counter pgbackrest-rx {} + counter immich-rx {} counter established-rx {} @@ -118,6 +120,7 @@ table inet filter { counter http-tx {} counter tftp-tx {} counter pgbackrest-tx {} + counter immich-tx {} counter tx {} @@ -193,6 +196,8 @@ table inet filter { tcp dport 8432 counter name pgbackrest-rx accept + iifname bifrost tcp dport 2283 ip6 saddr $bifrost_surtr counter name immich-rx accept + ct state { established, related } counter name established-rx accept @@ -240,6 +245,8 @@ table inet filter { tcp sport 8432 counter name pgbackrest-tx accept + iifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept + counter name tx } -- cgit v1.2.3
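Review bot: In the last hunk the new `immich-tx` rule matches on `iifname bifrost`, which looks carried over from the rx rule in the fourth hunk. The chain header is outside the hunk, but if the chain holding the `*-tx` counters is hooked at output, locally generated replies have no input interface and this rule can never match. In that case `immich-tx` would stay at zero and the replies to the peer would only pass if the catch-all `counter name tx` path and the chain policy (not visible here) allow them. The line should probably read `oifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept`. The rx rule itself is scoped to interface, port and a single /128 source, and the tx rule should mirror that scoping on the outbound side.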