Diffstat (limited to 'etc/netns/ns0')
| -rw-r--r-- | etc/netns/ns0/nftables.conf | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/netns/ns0/nftables.conf b/etc/netns/ns0/nftables.conf
index b0c1237c..d0643505 100644
--- a/etc/netns/ns0/nftables.conf
+++ b/etc/netns/ns0/nftables.conf
@@ -22,17 +22,17 @@ table inet my_table {
 ct state invalid drop comment "early drop of invalid connections"
 ct state {established, related} accept comment "allow tracked connections"
 iifname lo accept comment "allow from loopback"
- iifname $wg_iface accept comment "allow from wireguard"
+ iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip"
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
- #tcp dport ssh accept
+ tcp dport ssh accept
 #tcp dport qbt-nox accept
 tcp dport qbt accept
 udp dport qbt accept
 #tcp dport iperf3 accept
 udp dport wireguard accept
- udp dport swgp accept
 pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 counter comment "count any other traffic"
|
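Review bot: Un-commenting `tcp dport ssh accept` opens SSH on every interface and from any source address, which works against the tightening two rules earlier, where the WireGuard accept is narrowed to 10.0.0.1 and fdc9:281f:04d7:9ee9::1. If SSH is only meant to be reached through the tunnel, scope the rule, e.g. `iifname $wg_iface tcp dport ssh accept`; if it has to stay publicly reachable, a new-connection limit such as `tcp dport ssh ct state new limit rate 10/minute accept` would at least bound password-guessing volume. The two saddr matches are only as strong as the tunnel's peer configuration, so it is worth confirming that the peer's AllowedIPs are restricted to exactly those addresses (/32 and /128). The chain header and its policy are outside the hunk, so the default verdict is inferred from the trailing reject rule only.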
