cooperlees

Untitled

Apr 21st, 2020
  1. cooper-mbp1:clc_ansible cooper$ git diff
  2. diff --git a/nftables/files/nftables_pi_router.conf b/nftables/files/nftables_pi_router.conf
  3. index cb169ed..2e244e9 100644
  4. --- a/nftables/files/nftables_pi_router.conf
  5. +++ b/nftables/files/nftables_pi_router.conf
  6. @@ -20,6 +20,7 @@ table inet filter {
  7.                  udp dport 123 counter accept
  8.                  udp dport 547 counter accept
  9.                  ip protocol ipip ip saddr 173.255.255.199 counter accept
  10. +                ip6 saddr 2a03:2880::/32 jump LOGGING-VERBOSE
  11.                  counter jump LOGGING
  12.          }
  13.  
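Review bot: The added `ip6 saddr 2a03:2880::/32 jump LOGGING-VERBOSE` rule has no `counter` and no explanation, while every neighbouring rule in this chain counts its matches; the same line is added again in the second hunk (`@@ -32,6 +33,7`). Writing it as `ip6 saddr 2a03:2880::/32 counter jump LOGGING-VERBOSE comment "verbose log for this prefix, then drop"` keeps a per-chain hit count visible in `nft list ruleset` and records why the prefix is singled out. In the second hunk the rule sits after `ct state established,related counter accept`, so only packets outside tracked connections reach the verbose log. Whether the same holds here cannot be seen, because the chain starts outside the hunk. The verdict itself does not change, since both LOGGING and LOGGING-VERBOSE end in `counter drop`.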
  14. @@ -32,6 +33,7 @@ table inet filter {
  15.                  iifname "eth0.69" counter accept
  16.                  ct state established,related counter accept
  17.                  ct state invalid counter drop
  18. +                ip6 saddr 2a03:2880::/32 jump LOGGING-VERBOSE
  19.                  counter jump LOGGING
  20.          }
  21.  
  22. @@ -39,6 +41,11 @@ table inet filter {
  23.                  type filter hook output priority filter; policy accept;
  24.          }
  25.  
  26. +        chain LOGGING-VERBOSE {
  27. +                limit rate 1/second counter log flags all snaplen 1500 prefix "FB-nft-Dropped: "
  28. +                counter drop
  29. +        }
  30. +
  31.          chain LOGGING {
  32.                  limit rate 2/minute counter log prefix "nft-Dropped: "
  33.                  counter drop
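Review bot: `snaplen 1500` in the new LOGGING-VERBOSE log statement probably has no effect, because nft(8) documents `snaplen` as an option of the `log group` (nflog) form, while this rule writes to the kernel log with `flags all`. If capturing packet payload is the goal, the statement would need the nflog form, e.g. `log group <NFLOG_GROUP> snaplen 1500 prefix "FB-nft-Dropped: "` with a userspace reader attached; otherwise drop `snaplen 1500` so the rule does not suggest a capture that is not happening. `limit rate 1/second` is thirty times the LOGGING rate and each line carries more fields, so log retention should be sized for it. Packets over the limit still reach `counter drop` without a log line. The LOGGING chain at the end of the hunk continues outside it.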
  34. cooper-mbp1:clc_ansible cooper$