From b985f38510a16a0216bd4919a5ba7edd031bdb62 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 6 Jan 2022 23:08:15 +0100 Subject: vidhar: ... --- hosts/vidhar/network/ruleset.nft | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'hosts/vidhar') diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 980cbdc6..5b68b773 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft @@ -126,7 +126,7 @@ table inet filter { policy drop - ct state invalid log level notice prefix "drop invalid forward: " counter name invalid-fw drop + ct state invalid log level debug prefix "drop invalid forward: " counter name invalid-fw drop iifname lo counter name fw-lo accept @@ -138,8 +138,8 @@ table inet filter { - limit name lim_reject log level notice prefix "drop forward: " counter name reject-ratelimit-fw drop - log level info prefix "reject forward: " counter name reject-fw + limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop + log level debug prefix "reject forward: " counter name reject-fw meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset ct state new counter name reject-icmp-fw reject } @@ -149,7 +149,7 @@ table inet filter { policy drop - ct state invalid log level notice prefix "drop invalid input: " counter name invalid-rx drop + ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop iifname lo counter name rx-lo accept @@ -184,8 +184,8 @@ table inet filter { ct state {established, related} counter name established-rx accept - limit name lim_reject log level notice prefix "drop input: " counter name reject-ratelimit-rx drop - log level info prefix "reject input: " counter name reject-rx + limit name lim_reject log level debug prefix "drop input: " counter name reject-ratelimit-rx drop + log level debug prefix "reject input: " counter name reject-rx meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset ct state new counter name reject-icmp-rx reject } -- cgit v1.2.3