From 27ddcfe5def6385257c97dbe98f7135b6ec490f1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 8 Dec 2021 21:58:03 +0100
Subject: vidhar: nftables...

---
 hosts/vidhar/ruleset.nft | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'hosts/vidhar/ruleset.nft')

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 5263f97e..fec7b536 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -21,6 +21,9 @@ table inet filter {
     log prefix "reject forward: " counter
     meta l4proto tcp ct state new counter reject with tcp reset
     ct state new counter reject
+
+
+    counter
   }
   chain input {
@@ -49,6 +52,9 @@ table inet filter {
     log prefix "reject input: " counter
     meta l4proto tcp ct state new counter reject with tcp reset
     ct state new counter reject
+
+
+    counter
   }
   chain output {
@@ -64,8 +70,10 @@ table ip nat {
     type nat hook postrouting priority srcnat
     policy accept
+
     oifname dsl counter masquerade
+
     counter
   }
 }
@@ -75,8 +83,10 @@ table inet mangle {
     type filter hook postrouting priority mangle
     policy accept
+
     oifname dsl meta l4proto tcp tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
+
     counter
   }
 }
\ No newline at end of file
-- 
cgit v1.2.3
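Review bot: The `counter` added at the bottom of the forward chain carries no verdict, so whatever it counts — anything that was not `ct state new` when it passed the two `reject` rules above it, e.g. `ct state invalid` or untracked packets — goes on to the chain's policy, which is declared above the hunk and not visible here. If that policy is `accept`, the new rule is silently measuring traffic that is being let through rather than traffic that was rejected; if it is `drop`, a bare counter is fine but should say so. I'd either give the rule an explicit verdict, `counter drop`, or keep it and label it in the ruleset, `counter comment "not rejected above; falls through to chain policy"`, after confirming the forward chain's policy. The forward chain begins before this hunk.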
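Review bot: The first two added lines of the input-chain hunk appear to be empty, leaving two blank lines between `ct state new counter reject` and the new bare `counter` — the same layout as the forward hunk — which reads like a leftover rather than a deliberate rule. I'd reduce it to a single blank line and name the rule's purpose so it survives `nft list ruleset`: `counter comment "fall-through to policy"`. The input chain's `type`/`hook`/`policy` declaration lies above the hunk, so whether packets reaching this counter are then accepted or dropped cannot be confirmed from here.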