il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(nftables): update fw nftables to allow vpn connection regardless of crowdsec ban

Browse Source
This commit is contained in:
Il Lee
2026-05-07 09:22:49 +09:00
parent f697715065
commit 3b4b56f53f
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/node/fw/nftables.conf.j2
+2
View File
@@ -82,6 +82,8 @@ table inet filter {
chain global { chain global {
# invalid packets # invalid packets
ct state invalid drop comment "deny invalid connection" ct state invalid drop comment "deny invalid connection"
# VPN connection exception handling
udp dport $PORTS_VPN return comment "return vpn connection to input and forward chain"
# crowdsec # crowdsec
ip saddr @crowdsec-blacklists counter drop comment "deny all crowdsec blacklist" ip saddr @crowdsec-blacklists counter drop comment "deny all crowdsec blacklist"
ip6 saddr @crowdsec6-blacklists counter drop comment "deny all ipv6 crowdsec blacklist" ip6 saddr @crowdsec6-blacklists counter drop comment "deny all ipv6 crowdsec blacklist"