Maurice/alpine-server-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adguard added

Browse Source
This commit is contained in:
Maurice
2025-09-29 21:09:22 +02:00
parent 5491663d86
commit 9d600ffbcf
5 changed files with 312 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
services/firewall/rules.nft
View File

@@ -70,10 +70,19 @@ table inet firewall {
ip saddr $lan_net tcp dport 22 accept # Allow SSH from LAN network
# AdGuard admin access (8888) only from LAN and VPN
ip saddr $lan_net tcp dport 8888 accept
ip saddr $vpn_net tcp dport 8888 accept
# AdGuard DNS, DHCP, DoT, DoQ ports only from LAN
ip saddr $lan_net udp dport { 53, 67, 68, 784 } accept
ip saddr $lan_net tcp dport { 53, 853 } accept
# Rules for WAN interface only
# iifname $wan tcp dport 22 limit rate 10/minute accept # Rate limit SSH (port 22) to 10 connections per minute from WAN
iifname $wan udp dport 51820 accept # Allow Wireguard incoming from WAN
# iifname $wan tcp dport 22 limit rate 10/minute accept # Rate limit SSH (port 22) to 10 connections per minute from WAN
# Rules for VPN interface only
iifname $vpn tcp dport 22 accept # Allow SSH from VPN
}