Fix firewall

Maurice
2025-09-30 20:58:52 +02:00
parent ece655263e
commit b53ccf296d
2 changed files with 11 additions and 7 deletions


@@ -68,15 +68,19 @@ table inet firewall {
ip saddr $lan_net tcp dport 22 accept # Allow SSH from LAN network
# AdGuard admin access (8888) only from LAN and VPN
# AdGuard admin access (8888) accept for LAN and VPN
ip saddr { $lan_net, $vpn_net } tcp dport 8888 accept
ip6 saddr $lan_net6 tcp dport 8888 accept
# Adguard DNS, DHCP, DoT, DoQ ports only from LAN and VPN
ip saddr { $lan_net, $vpn_net} udp dport { 53, 67, 68, 784 } accept
ip saddr { $lan_net, $vpn_net} tcp dport { 53, 853 } accept
ip6 saddr $lan_net6 udp dport { 53, 67, 68, 784 } accept
ip6 saddr $lan_net6 tcp dport { 53, 853 } accept
# Adguard DHCP, DoT, DoQ ports
udp dport { 67, 68, 784 } accept
tcp dport { 853 } accept
# Allow DNS from LAN and VPN
ip saddr { $lan_net, $vpn_net } udp dport 53 accept
ip6 saddr $lan_net6 udp dport 53 accept
ip saddr { $lan_net, $vpn_net } tcp dport 53 accept
ip6 saddr $lan_net6 tcp dport 53 accept
# Rules for WAN interface only
iifname $wan udp dport 51820 accept # Allow Wireguard incoming from WAN