mermet: nftables: use meta l4proto

author Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>

Fri, 19 Aug 2022 21:06:32 +0000 (23:06 +0200)

committer Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>

Fri, 19 Aug 2022 21:06:32 +0000 (23:06 +0200)
author Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>
Fri, 19 Aug 2022 21:06:32 +0000 (23:06 +0200)
committer Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>
Fri, 19 Aug 2022 21:06:32 +0000 (23:06 +0200)
diff --git a/hosts/mermet/unbound.nix b/hosts/mermet/unbound.nix

index 0f983b50bf30aaf775ea707014cf2608355f8af4..d35e8dbedaae4ee9e0eabfd28297a46cfa62ebaa 100644 (file)
--- a/hosts/mermet/unbound.nix
+++ b/hosts/mermet/unbound.nix
@@ -136,8 +136,7 @@ services.unbound = {
    };
  };
  networking.nftables.ruleset = ''
-  add rule inet filter fw2net tcp dport 53 skuid ${users.unbound.name} counter accept comment "Unbound"
-  add rule inet filter fw2net udp dport 53 skuid ${users.unbound.name} counter accept comment "Unbound"
+  add rule inet filter fw2net meta l4proto { udp, tcp } th dport 53 skuid ${users.unbound.name} counter accept comment "Unbound"
  '';
  systemd.services.unbound = {
    serviceConfig = {
author	Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>
	Fri, 19 Aug 2022 21:06:32 +0000 (23:06 +0200)
committer	Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>
	Fri, 19 Aug 2022 21:06:32 +0000 (23:06 +0200)