# generic variables
# IPv6 prefixes reused by the sets below.
define NET_V6_LINK_LOCAL   = fe80::/10   # link-local unicast (RFC 4291)
define NET_V6_UNIQUE_LOCAL = fc00::/7    # unique local addresses (RFC 4193)

# interface groups
# Numeric interface-group ids, presumably matched with `iifgroup` in the rule files.
# NOTE(review): group membership is set outside this file (e.g. `ip link set dev <iface> group <n>`).
# An interface that was never assigned stays in group 0 and will not match either id,
# so confirm every interface meant to be covered is actually placed in its group.
define IIFGROUP_ETHERNET = 1
define IIFGROUP_VPN      = 2

# private network sets
# IPv4 ranges treated as "private": the three RFC 1918 blocks plus IPv4 link-local.
# NOTE(review): a source address inside these ranges proves nothing about the sender;
# rules that relax filtering for this set should also pin the ingress interface or
# interface group - confirm in the rule files.
define SET_PRIVATE_NETS_V4 = {
    10.0.0.0/8,        # RFC 1918
    169.254.0.0/16,    # link-local (RFC 3927), not RFC 1918
    172.16.0.0/12,     # RFC 1918
    192.168.0.0/16     # RFC 1918
}

# IPv6 counterpart of the private set: link-local plus unique-local prefixes,
# taken from the generic variables defined earlier in this file.
define SET_PRIVATE_NETS_V6 = {
    $NET_V6_LINK_LOCAL,
    $NET_V6_UNIQUE_LOCAL
}

# ICMPv4 message types on the allow list (type numbers given for reference).
# NOTE(review): source-quench was deprecated by RFC 6633 and hosts are expected to
# ignore it; router-advertisement / router-solicitation are ICMP router discovery
# (RFC 1256), which most hosts do not use. Consider trimming these three if nothing
# on the network relies on them.
define SET_ALLOW_ICMP_V4 = {
    echo-reply,                 # type 0
    destination-unreachable,    # type 3 (carries path-MTU "fragmentation needed")
    source-quench,              # type 4, deprecated
    echo-request,               # type 8
    router-advertisement,       # type 9
    router-solicitation,        # type 10
    time-exceeded               # type 11
}

# types additional to the rfc4890 chain
# Left empty here: no ICMPv6 types beyond that chain are allowed.
# NOTE(review): some nft versions reject an empty anonymous set when it is expanded
# inside a match - confirm the consuming rule loads cleanly with this value.
define SET_ALLOW_ICMP_V6 = { }

# log format (log-{drop,reject} / log-{drop,reject}-nf)
# Names of the chains that dropped / rejected packets are dispatched to for logging.
# Each define takes one of the two chain-name variants listed above;
# see log.nft for details
define CHAIN_LOG_DISPATCH_DROP   = log-drop
define CHAIN_LOG_DISPATCH_REJECT = log-reject

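# service definitions for easy access
# Naming convention: DPORT_<PROTO>_<SERVICE>; <PROTO> should be the transport the
# rule matches on, so a reader can tell from the name which L4 match it belongs in.

## syncthing
# 22000/tcp is the sync listener, 21027/udp is local discovery.
# NOTE(review): current Syncthing releases also accept QUIC on 22000/udp, which has
# no define here - confirm whether leaving it closed is intentional.
define DPORT_TCP_SYNCTHING = 22000
define DPORT_UDP_SYNCTHING = 21027

## wireguard
# WireGuard carries all traffic over UDP. A rule written as `tcp dport` with this
# port would open a TCP port nothing listens on and leave the tunnel port unmatched.
define DPORT_UDP_WIREGUARD = 51820
# Legacy, misleadingly named alias kept so existing references keep resolving.
# NOTE(review): check that every user of this name sits in a `udp dport` match, then
# migrate it to DPORT_UDP_WIREGUARD.
define DPORT_TCP_WIREGUARD = 51820

## magic-wormhole
# Port range, not a single port.
# NOTE(review): 4000 and 4001 look like the default mailbox and transit-relay server
# ports; presumably only needed on hosts that run those servers - confirm.
define DPORT_TCP_WORMHOLE = 4000-4001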