Redundant rules
parent
eeda716b9b
commit
e6553c3370
1 changed files with 6 additions and 7 deletions
|
@ -126,10 +126,10 @@ in {
|
||||||
}
|
}
|
||||||
# maybe tailnet?
|
# maybe tailnet?
|
||||||
|
|
||||||
chain my_input_lan {
|
# chain my_input_lan {
|
||||||
udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
|
# udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
|
||||||
udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
|
# udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
|
||||||
}
|
# }
|
||||||
|
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 0; policy drop;
|
type filter hook input priority 0; policy drop;
|
||||||
|
@ -145,11 +145,10 @@ in {
|
||||||
udp dport mdns ip6 daddr ff02::fb accept comment "Accept mDNS"
|
udp dport mdns ip6 daddr ff02::fb accept comment "Accept mDNS"
|
||||||
udp dport mdns ip daddr 224.0.0.251 accept comment "Accept mDNS"
|
udp dport mdns ip daddr 224.0.0.251 accept comment "Accept mDNS"
|
||||||
|
|
||||||
ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
|
# ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
|
||||||
ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
|
# ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
|
||||||
|
|
||||||
iifname "${lan}" accept comment "Allow local network to access the router"
|
iifname "${lan}" accept comment "Allow local network to access the router"
|
||||||
|
|
||||||
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
|
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
|
||||||
}
|
}
|
||||||
chain forward {
|
chain forward {
|
||||||
|
|
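Review bot: The `my_input_lan` chain and the two `jump my_input_lan` rules in `chain input` are left in the file as commented-out lines with no explanation, so a later reader may uncomment them as if they were a disabled feature. Assuming the commented form is the new side, either delete the lines outright or put one comment above them, for example `# my_input_lan dropped: iifname "${lan}" accept below already admits LAN traffic`. The rules were redundant only for packets arriving on `${lan}`: the jumps matched on source address (`@LANv4`/`@LANv6`) regardless of interface, so private-source UPnP and NetBIOS replies arriving on any other interface now appear to fall through to `policy drop`. That is the stricter outcome, but it is a behaviour change worth stating in the commit description. The input chain continues outside both hunks, so any rules between them are not visible here.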