mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2025-11-22 07:50:40 -05:00
nftables: style fix
parent
bafb23d0ec
commit
cb8701e6d7
1 changed files with 1 additions and 1 deletions
|
|
@ -49,7 +49,7 @@ table inet filter {
|
|||
fib daddr . iif type != { local, broadcast, multicast } counter drop
|
||||
|
||||
# IPv6 interacts badly with IP-based spam filtering
|
||||
meta nfproto ipv6 tcp dport {80, 443} drop
|
||||
meta nfproto ipv6 tcp dport { 80, 443 } drop
|
||||
|
||||
# handle new TCP connections beyond rate limit via synproxy to avoid conntrack table exhaustion
|
||||
tcp dport $tcp-ports-full tcp flags syn limit rate over {{synproxy_threshold}}/second burst {{synproxy_threshold}} packets counter notrack accept
|
||||
|
|
|
|||