public-inbox: disable PR

[julm/julm-nix.git] / nixos / profiles / networking / nftables.txt

diff --git a/nixos/profiles/networking/nftables.txt b/nixos/profiles/networking/nftables.txt
index 35174cd38d816384d42d95a08d8ddc2efb9dbd28..d9bb6135e25a431bd5f6253abd067878a6c09197 100644 (file)
--- a/nixos/profiles/networking/nftables.txt
+++ b/nixos/profiles/networking/nftables.txt
@@ -179,7 +179,8 @@ table inet filter {
     iifname lo accept
     jump check-tcp
     jump limit-ping
-    ct state { established, related } accept
+    ct state established accept
+    ct state related counter accept
     jump input-connectivity
     ct state invalid counter drop
   }
@@ -199,7 +200,8 @@ table inet filter {
     policy drop
     oifname lo accept
     tcp flags syn tcp option maxseg size set rt mtu
-    ct state { established, related } accept
+    ct state established accept
+    ct state related counter accept
     jump output-connectivity
   }
 
@@ -231,6 +233,11 @@ table inet filter {
     type filter hook forward priority 0
     policy drop
   }
+
+  chain prerouting {
+    type filter hook prerouting priority filter
+    policy accept
+  }
 }
 table inet nat {
   chain prerouting {