-rw-r--r--etc/nftables.conf4
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 87596f55..61a98488 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -40,6 +40,10 @@ table inet my_table {
tcp dport swgp-ba-forward-ca accept
udp dport swgp-ba-forward-ca accept
tcp dport monerod-p2p accept
+ iifname $wg_iface ip saddr 10.0.0.12 tcp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::c tcp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip saddr 10.0.0.12 udp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::c udp dport domain accept comment "allow from wireguard mi ip to dns port"
pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
counter comment "count any other traffic"
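Review bot: The four added rules identify the DNS client only by `iifname $wg_iface` plus a hard-coded source address, so the restriction is only as strong as the WireGuard AllowedIPs entry that binds 10.0.0.12 and fdc9:281f:04d7:9ee9::c to one peer; nothing in the ruleset records that dependency. A comment above the rules such as `# source match relies on the wg peer's AllowedIPs being limited to these two addresses` would make it visible to whoever next edits the peer config. The tcp/udp pairs could also be merged into one rule per family, e.g. `iifname $wg_iface ip saddr 10.0.0.12 meta l4proto { tcp, udp } th dport domain accept`, and the addresses moved into a `define` next to `$wg_iface`, so there are fewer copies to keep in sync (this assumes the deployed nft version supports `th dport`). The enclosing chain starts and ends outside the hunk, so its hook and policy are not visible here.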