-rw-r--r-- | config/shione/nftables/files/etc/nftables.conf | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/config/shione/nftables/files/etc/nftables.conf b/config/shione/nftables/files/etc/nftables.conf
index ed6634b..516718d 100644
--- a/config/shione/nftables/files/etc/nftables.conf
+++ b/config/shione/nftables/files/etc/nftables.conf
@@ -5,6 +5,9 @@ flush ruleset
 define eth_iface = enp1s0
 define wg_iface = wg0
 define wg_port = 51820
+define dns_port = 53
+define srt_input_udp_port = 60001
+define srt_output_port = 60000
 table inet filter {
 chain input_ipv4 {
@@ -36,8 +39,11 @@ table inet filter {
 # ip saddr 10.8.0.0/32
 # Allow VPN to use DNS.
- tcp dport { 53 } accept
- udp dport { 53 } accept
+ tcp dport { $dns_port } accept
+ udp dport {
+ $dns_port,
+ $srt_input_udp_port,
+ } accept
 }
 chain input {
@@ -58,6 +64,10 @@ table inet filter {
 https,
 } accept
+ udp dport {
+ $srt_output_port,
+ } accept
+
 # allow loopback traffic, anything else jump to chain for further evaluation
 iifname vmap { lo : accept, $eth_iface : jump input_world, $wg_iface : jump input_vpn }
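Review bot: The three new defines carry no comment saying what the SRT ports are for, and their names are inconsistent: `srt_input_udp_port` encodes the transport while `srt_output_port` does not, although both are only ever used in `udp dport` sets in the later hunks. Either rename to `srt_output_udp_port` (updating the single reference in chain `input`) or drop `_udp` from the input name, and add a one-line comment above the pair, e.g. `# SRT listeners: 60001 is opened on the VPN side, 60000 in the base input chain.` What "SRT" stands for in this deployment is not recoverable from the diff, so word the comment from the actual service rather than the acronym.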
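Review bot: The comment `# Allow VPN to use DNS.` now sits above a udp set that also opens `$srt_input_udp_port`, so it no longer describes the rule beneath it. Keep the DNS rule single-purpose and give the SRT port its own rule and comment: `udp dport { $dns_port } accept`, then `# Allow SRT ingest from VPN peers.` and `udp dport { $srt_input_udp_port } accept`; separate rules also keep per-rule counters and logging meaningful if they are ever added. The enclosing chain (apparently `input_vpn`, judging by the comment and the vmap in the following hunk) begins before this hunk, so its hook and policy are not visible here. The commented-out `# ip saddr 10.8.0.0/32` left in place means the accept is not restricted to any particular VPN peer; that is pre-existing, but it now also covers the SRT ingest port, which is worth stating in the comment if it is intended.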
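Review bot: `udp dport { $srt_output_port, } accept` is placed in chain `input` ahead of the `iifname vmap` dispatch, so it accepts UDP 60000 from any interface and any source — including `$eth_iface` — before `input_world` or `input_vpn` get a say, and without any conntrack or rate-limit qualifier. If the listener is meant only for VPN peers, move the rule into `input_vpn` next to the DNS/SRT-input rules, or qualify it in place: `iifname $wg_iface udp dport { $srt_output_port } accept`. The tcp set directly above (`https`, …) sits in the same pre-dispatch position, so a public listener may well be the intent; if so, record that decision next to the rule, e.g. `# SRT output listener, intentionally reachable from every interface including the internet.`, because nothing in the hunk otherwise explains why this port bypasses the per-interface chains. The enclosing chain `input` begins before this hunk, so its hook type and default policy cannot be checked from here.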