diff options
| author | Xiao Pan <xyz@flylightning.xyz> | 2025-07-13 06:31:58 +0000 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2025-07-13 06:31:58 +0000 |
| commit | 8badbb0d11a453c042ae01fc4d19d6933a63f239 (patch) | |
| tree | 3d38f31be47d0a9ec43f95412cfdbbff60a693a0 | |
| parent | 4d3f8e59f629860baf0dcaebb31227df61175537 (diff) | |
nft allow pp wg ip access all ports, so pp can access qi and jiib
| -rw-r--r-- | etc/netns/ns0/nftables.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/netns/ns0/nftables.conf b/etc/netns/ns0/nftables.conf index 2d6a6e48..aeda6c57 100644 --- a/etc/netns/ns0/nftables.conf +++ b/etc/netns/ns0/nftables.conf @@ -22,8 +22,8 @@ table inet my_table { ct state invalid drop comment "early drop of invalid connections" ct state {established, related} accept comment "allow tracked connections" iifname lo accept comment "allow from loopback" - iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip" - iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip" + iifname $wg_iface ip saddr { 10.0.0.1, 10.0.0.7 } accept comment "allow from wireguard insp and pp ip" + iifname $wg_iface ip6 saddr { fdc9:281f:04d7:9ee9::1, fdc9:281f:04d7:9ee9::7} accept comment "allow from wireguard insp and pp ip" ip protocol icmp accept meta l4proto ipv6-icmp accept |