ctucx.git: nixfiles

ctucx' nixfiles

commit dae33715f2f01eb5ea81aff599f4667deb186ab1
parent a80ff59a6394389afe0b2e9ddb5b635a85732def
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 10 May 2022 13:48:49 +0200

machines/lollo/router: drop incoming netbios traffic
1 file changed, 4 insertions(+), 0 deletions(-)
diff --git a/machines/lollo/router/ruleset.nft b/machines/lollo/router/ruleset.nft
@@ -57,6 +57,10 @@ table inet firewall {
         ip6 nexthdr ipv6-icmp limit rate 5/second accept
         ip protocol igmp limit rate 5/second accept
 
+        # drop incomming netbios traffic
+        tcp dport {139, 445} counter drop comment "silently drop NetBios"
+        udp dport {137, 138} counter drop comment "silently drop NetBios"
+
         #make public ips world accessible 
         ip daddr 195.39.246.33/28 accept
     }
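Review bot: The two added drop rules match on destination port alone, so they hit every packet that reaches this point in the chain, not only traffic arriving from outside. The chain header is outside the hunk, so it is unclear from here whether LAN-originated or inter-LAN packets also traverse it; if they do, internal SMB and NetBIOS name service would be dropped as well. If the intent is only to keep these ports closed on the world-accessible range accepted two lines below, scope the rules to it, e.g. `ip daddr 195.39.246.33/28 tcp dport {139, 445} counter drop comment "silently drop NetBIOS/SMB"` and likewise for `udp dport {137, 138}`, or match the upstream interface with `iifname`. An `ip daddr` match covers IPv4 only, so any IPv6 exposure of these ports would need its own rule. Port 445 is SMB over TCP rather than NetBIOS, so the rule comment should name both.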