From e7af824df4d7bbc72695af4d7c25b6cbb4242b0c Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 8 Dec 2021 18:03:22 +0100
Subject: vidhar: nftables...
---
 hosts/vidhar/ruleset.nft | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
(limited to 'hosts')
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index ae91af00..2e6c10b8 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -4,13 +4,13 @@ table inet filter {
 policy drop
- iifname eno1 accept
+ iifname eno1 counter accept
- ct state {established, related} accept
+ ct state {established, related} counter accept
- meta l4proto ipv6-icmp accept
- meta l4proto icmp accept
- meta l4proto igmp accept
+ meta l4proto ipv6-icmp counter accept
+ meta l4proto icmp counter accept
+ meta l4proto igmp counter accept
 log prefix "drop forward:"
@@ -22,19 +22,19 @@ table inet filter {
 policy drop
- iifname lo accept
+ iifname lo counter accept
 iif != lo ip daddr 127.0.0.1/8 counter drop
 iif != lo ip6 daddr ::1/128 counter drop
- ct state {established, related} accept
+ ct state {established, related} counter accept
- tcp dport 22 accept
- udp dport 51820 accept
- udp dport 60000-61000 accept
+ tcp dport 22 counter accept
+ udp dport 51820 counter accept
+ udp dport 60000-61000 counter accept
- meta l4proto ipv6-icmp accept
- meta l4proto icmp accept
- meta l4proto igmp accept
+ meta l4proto ipv6-icmp counter accept
+ meta l4proto icmp counter accept
+ meta l4proto igmp counter accept
 log prefix "drop input:" counter
-- cgit v1.2.3
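Review bot: The closing `log prefix "drop forward:"` rule of the forward chain is still left without a counter, so after this change every accept rule in that chain is counted while packets that fall through to the drop policy are only logged; the input chain's matching line already ends in `counter`. I would make it `log prefix "drop forward:" counter` so accepted and dropped forward traffic can be read from the same `nft list ruleset` output. The chain's opening and closing lines are outside the hunk, so this assumes no counted rule follows the log line.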
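Review bot: `log prefix "drop input:" counter` at the end of the input chain logs every packet that reaches the drop policy with no rate limit, so unsolicited traffic to this host can produce one kernel log line per packet; the same holds for `log prefix "drop forward:"` in the first hunk. Putting the counter first and limiting only the log keeps the drop count exact while bounding log volume, for example `counter limit rate 5/second burst 10 packets log prefix "drop input:"` (the rate is an illustrative value, not taken from the ruleset). On the changed line `iifname lo counter accept`, the two rules that follow match with `iif != lo`; `iif lo` would be consistent with them and compares the interface index rather than the name. The chain header and closing brace are outside the hunk.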