Diffstat (limited to 'roles/space_server/files/nftables')
-rw-r--r-- | roles/space_server/files/nftables/nftables.conf | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf index d33a7bf..5f2f1b3 100644 --- a/roles/space_server/files/nftables/nftables.conf +++ b/roles/space_server/files/nftables/nftables.conf @@ -6,6 +6,12 @@ define labitat = 185.38.172.72 define spacewand4 = 185.38.175.70 define spacewand6 = 2a01:4262:1ab::cafe +define spacebrain4 = 185.38.175.69 +define spacebrain6 = 2a01:4262:1ab::db + +define labservers4 = { $spacewand4, $spacebrain4 } +define labservers6 = { $spacewand6, $spacebrain6 } + # internal stuff define ext_if = wan define ext_ip4 = 185.38.175.0 @@ -102,8 +108,8 @@ table ip filter { ct state established,related accept ct state invalid drop - # accept all traffic to spacewand - ip daddr $spacewand4 accept + # accept all traffic to Labitat servers + ip daddr $labservers4 accept ip saddr $labitat udp dport 161 counter accept # traffic stats @@ -164,8 +170,8 @@ table ip6 filter { ct state established,related accept ct state invalid drop - # accept all traffic to spacewand - ip6 daddr $spacewand6 accept + # accept all traffic to Labitat servers + ip6 daddr $labservers6 accept iif $wire_if ip6 saddr $wire_net6 accept iif $priv_if ip6 saddr $priv_net6 accept |
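Review bot: The new `labservers4` and `labservers6` defines in the first hunk have no comment, yet membership in them is what gives a host the unconditional accept in `table ip filter` and `table ip6 filter`. A one-line comment above them would make that visible to whoever adds the next server, for example `# every host listed here gets the "accept all traffic" rule in both filter tables; it must run its own host firewall`. The comment on the rules themselves only says "Labitat servers" and does not point back to these defines.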
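Review bot: In the `table ip filter` hunk, `ip daddr $labservers4 accept` matches on destination address alone, with no input interface, protocol or port, so spacebrain is now accepted on every service it listens on, as spacewand already was. The same holds for `ip6 daddr $labservers6 accept` in the `table ip6 filter` hunk. If full exposure is intended, the host's own firewall is the only filter left, and adding a counter would at least make the traffic measurable: `ip daddr $labservers4 counter accept` and `ip6 daddr $labservers6 counter accept`. The enclosing chain starts outside both hunks, so which hook these rules sit on cannot be confirmed from here.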