Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cooper-mbp1:clc_ansible cooper$ git diff
- diff --git a/nftables/files/nftables_pi_router.conf b/nftables/files/nftables_pi_router.conf
- index cb169ed..2e244e9 100644
- --- a/nftables/files/nftables_pi_router.conf
- +++ b/nftables/files/nftables_pi_router.conf
- @@ -20,6 +20,7 @@ table inet filter {
- udp dport 123 counter accept
- udp dport 547 counter accept
- ip protocol ipip ip saddr 173.255.255.199 counter accept
- + ip6 saddr 2a03:2880::/32 jump LOGGING-VERBOSE
- counter jump LOGGING
- }
- @@ -32,6 +33,7 @@ table inet filter {
- iifname "eth0.69" counter accept
- ct state established,related counter accept
- ct state invalid counter drop
- + ip6 saddr 2a03:2880::/32 jump LOGGING-VERBOSE
- counter jump LOGGING
- }
- @@ -39,6 +41,11 @@ table inet filter {
- type filter hook output priority filter; policy accept;
- }
- + chain LOGGING-VERBOSE {
- + limit rate 1/second counter log flags all snaplen 1500 prefix "FB-nft-Dropped: "
- + counter drop
- + }
- +
- chain LOGGING {
- limit rate 2/minute counter log prefix "nft-Dropped: "
- counter drop
- cooper-mbp1:clc_ansible cooper$
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement