| author | Xiao Pan <xyz@flylightning.xyz> | 2026-01-04 08:20:46 +0000 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2026-01-04 08:20:46 +0000 |
| commit | 59baf65291dab788cb6a93c4ae70b28cc35d5f56 (patch) | |
| tree | fafea985f68326b79c7722d377cc756fceb5c66d | |
| parent | 727ea16973fafd942006d1be4f590b74167a1021 (diff) | |
allow xyzmi access dns portba
| -rw-r--r-- | etc/nftables.conf | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 87596f55..61a98488 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -40,6 +40,10 @@ table inet my_table {
 tcp dport swgp-ba-forward-ca accept
 udp dport swgp-ba-forward-ca accept
 tcp dport monerod-p2p accept
+ iifname $wg_iface ip saddr 10.0.0.12 tcp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::c tcp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip saddr 10.0.0.12 udp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::c udp dport domain accept comment "allow from wireguard mi ip to dns port"
 pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 counter comment "count any other traffic" |
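Review bot: The four added accept rules identify the "mi" peer only by source address on `$wg_iface`, so they are only as strong as that peer's WireGuard AllowedIPs. If another peer's AllowedIPs range covers 10.0.0.12 or fdc9:281f:04d7:9ee9::c, that peer could use the DNS allowance too. A short comment above the rules noting that the peer is expected to be pinned to a /32 and a /128 in the WireGuard config would record this. On style, the tcp/udp pairs can be merged per address family, e.g. `iifname $wg_iface ip saddr 10.0.0.12 meta l4proto { tcp, udp } th dport domain accept`, and the two addresses could become `define` variables like `$wg_iface`. The enclosing chain starts and ends outside the hunk, so its hook and default policy cannot be confirmed from here.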
