author Kenny Ballou <kballou@devnulllabs.io> 2019-07-18 05:56:30 -0600
committer Kenny Ballou <kballou@devnulllabs.io> 2019-07-18 05:56:30 -0600
commit cace371fa291bffd48ea3310a496762a9ba29559 (patch)
tree 29055ed2deeec89b942c529e1df571c6272b56e6 /services
parent 4ab6e2130b36505f33fcf4c1f87af1d001c47818 (diff)
firewall: update docker input traffic saddr
Instead of allowing the entire `172/8` block, which includes more than we actually want, appropriately limit to the `172.16/12`.

Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
-rw-r--r-- services/nftables-rules.nft | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index be39d0b..3635100 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -8,7 +8,7 @@ table inet filter {
iif != lo ip6 daddr ::1/128 counter drop
ip protocol icmp counter accept
ip6 nexthdr ipv6-icmp counter accept
- udp dport domain ip saddr 172.0.0.1/8 counter accept
+ udp dport domain ip saddr 172.16.0.0/12 counter accept
tcp dport 8000 ip saddr 127.0.0.1/8 counter accept
tcp dport http-alt ip saddr 127.0.0.1/8 counter accept
tcp dport ssh counter accept
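Review bot: the replacement rule `+ udp dport domain ip saddr 172.16.0.0/12 counter accept` still keys only on the source address, so any packet carrying a source in the whole RFC 1918 172.16.0.0/12 block reaches the resolver, not just traffic from Docker's bridge networks as the commit message intends; if Docker is the only expected client, consider additionally constraining the input interface (for example `iifname "docker0"` or whichever bridge is in use) or narrowing to the bridge subnet actually assigned. A consistency nit in the surrounding context: the two `127.0.0.1/8` rules set host bits inside the prefix the same way the removed `172.0.0.1/8` did; writing them as `127.0.0.0/8` makes the intended network explicit rather than relying on the prefix being normalized. Also, DNS clients retry over TCP when a UDP answer is truncated, so a matching `tcp dport domain` rule with the same source restriction may be wanted if containers are expected to resolve through this host.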