'';
ruleset = ''
table inet filter {
- chain input-intra {
- tcp dport { ssh, 2222 } counter accept comment "SSH"
- udp dport 60001-60010 counter accept comment "Mosh"
- #tcp dport 4713 counter accept comment "pulseaudio"
- tcp dport 5201 counter accept comment "iperf"
- }
chain input-net {
}
chain output-lan {
+ tcp dport { http, https } counter accept comment "HTTP(s)"
tcp dport { ssh, 2222 } counter accept comment "SSH"
udp dport 60001-60100 counter accept comment "Mosh"
tcp dport bootps counter accept comment "DHCP"
tcp dport { 4444, 5555 } counter accept
tcp dport 5201 counter accept comment "iperf"
}
- chain output-intra {
- tcp dport { ssh, 2222 } counter accept comment "SSH"
- udp dport 60001-60100 counter accept comment "Mosh"
- tcp dport { http, https } counter accept comment "HTTP"
- tcp dport git counter accept comment "Git"
- tcp dport 5201 counter accept comment "iperf"
- ip daddr losurdo.wg tcp dport 9091 counter accept comment "transmission"
- }
chain output-net {
tcp dport { ssh, 2222, 20022 } counter accept comment "SSH"
udp dport 60001-60100 counter accept comment "Mosh"
udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP"
- meta l4proto { udp, tcp } skuid dnscrypt-proxy2 counter accept comment "dnscrypt-proxy2"
tcp dport { http, https } counter accept comment "HTTP"
tcp dport git counter accept comment "Git"
tcp dport imaps counter accept comment "IMAPS"
sourcephile / git / julm / julm-nix.git / blobdiff