diff options
| author | Xiao Pan <xyz@flylightning.xyz> | 2025-08-29 08:57:35 +0000 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2025-08-29 08:57:35 +0000 |
| commit | c56a1a40fdf89a17a75b372be9a8218b7c2649d2 (patch) | |
| tree | c0487c4b857ebb7a5f76136c96c9f3cb5619aab4 | |
| parent | 201adf3e8e20f6f5ad3c708d3979a93229440254 (diff) | |
nft disallow pp wg ip because no needca
| -rw-r--r-- | etc/nftables.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf index f0759c65..28188bb2 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -19,8 +19,8 @@ table inet my_table { ct state invalid drop comment "early drop of invalid connections" ct state {established, related} accept comment "allow tracked connections" iifname lo accept comment "allow from loopback" - iifname $wg_iface ip saddr { 10.0.0.1, 10.0.0.7 } accept comment "allow from wireguard insp and pp ip" - iifname $wg_iface ip6 saddr { fdc9:281f:04d7:9ee9::1, fdc9:281f:04d7:9ee9::7} accept comment "allow from wireguard insp and pp ip" + iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip" + iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip" ip protocol icmp accept meta l4proto ipv6-icmp accept |