From 9a201a5929b44ab6918022dd8614286bd7b53973 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 7 Jan 2022 20:00:51 +0100
Subject: vidhar: tftp: ...

---
 hosts/vidhar/network/ruleset.nft | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'hosts')

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 5b68b773..4d829355 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -85,6 +85,7 @@ table inet filter {
   counter dhcp-rx {}
   counter samba-rx {}
   counter http-rx {}
+  counter tftp-rx {}
 
   counter established-rx {}
 
@@ -110,6 +111,7 @@ table inet filter {
   counter dhcp-tx {}
   counter samba-tx {}
   counter http-tx {}
+  counter tftp-tx {}
 
   counter tx {}
 
@@ -180,6 +182,8 @@ table inet filter {
     iifname lan tcp dport { 445, 139, 5357 } counter name samba-rx accept
 
     iifname yggdrasil tcp dport 80 counter name http-rx accept
+    
+    iifname mgmt udp dport 69 counter name tftp-rx accept
 
     ct state {established, related} counter name established-rx accept
 
@@ -223,6 +227,9 @@ table inet filter {
 
     tcp sport 80 counter name http-tx accept
 
+    udp sport 69 counter name tftp-tx accept
+    iifname mgmt udp dport 69 counter name tftp-tx accept
+
 
     counter name tx
   }
-- 
cgit v1.2.3