Maurice/alpine-server-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changes

Browse Source
This commit is contained in:
Maurice
2025-09-29 20:09:07 +02:00
parent 054ec35a98
commit 3d6fa064ae
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/firewall/rules.nft
View File

@@ -5,7 +5,7 @@ define vpn = wg0
define vpn_net = 10.0.0.0/24 define vpn_net = 10.0.0.0/24
define lan_net = 192.168.2.0/24 define lan_net = 192.168.2.0/24
define icmpv4 = { define icmpv4_basic = {
echo-reply, # type 0 / ping echo-reply, # type 0 / ping
echo-request, # type 8 / ping echo-request, # type 8 / ping
destination-unreachable, # type 3 destination-unreachable, # type 3
@@ -53,9 +53,9 @@ table inet firewall {
iif lo accept # allow traffic from loopback interface iif lo accept # allow traffic from loopback interface
# Limit and accept ICMP packets # Limit and accept ICMP packets
ip protocol icmp icmp type $allowed_icmp limit rate 1/second burst 5 packets accept ip protocol icmp icmp type $icmpv4_basic limit rate 1/second burst 5 packets accept
ip6 nexthdr icmpv6 icmpv6 type $icmpv6_basic limit rate 1/second burst 5 packets accept ip6 nexthdr icmpv6 icmpv6 type $icmpv6_basic limit rate 1/second burst 5 packets accept
ip6 nexthdr icmpv6 icmpv6 type $icmpv6_slaac hoplimit 255 accept icmpv6 type $icmpv6_slaac limit rate 1/second burst 5 packets ip6 hoplimit 255 accept
# Rules for all interfaces # Rules for all interfaces
tcp dport { 80, 443 } accept # Allow http and https for all interfaces tcp dport { 80, 443 } accept # Allow http and https for all interfaces