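#!/usr/sbin/nft -f
#
# Host firewall: inbound packets are dropped unless a rule in the input chain
# accepts them. Only the input hook is defined in this file, so forwarded and
# outbound traffic are not filtered here.

# Clear the whole ruleset before loading the table below. This removes every
# table currently loaded, including any created by other tools on the host.
flush ruleset

table inet filter {
	chain input {
		# Default-deny: anything not accepted below is dropped.
		type filter hook input priority 0; policy drop;

		iif lo accept comment "Accept any localhost traffic"
		ct state established,related accept comment "Accept trafic originated from us"

		# Drop packets conntrack classifies as invalid before the protocol and
		# port accepts below; without this rule an invalid packet that happens
		# to be ICMP, or addressed to the mDNS or IPP port, would be accepted.
		ct state invalid drop comment "Drop invalid packets"

		# Every ICMP and ICMPv6 type is accepted. ICMPv6 neighbour discovery has
		# to remain reachable for IPv6 to work.
		# NOTE(review): consider an explicit type list or a rate limit if this
		# host is reachable from untrusted networks.
		meta l4proto { icmp, icmpv6 } accept comment "Accept ICMP/ICMPv6 traffic"

		# NOTE(review): both service rules match any source address on any
		# interface, so mDNS (udp/5353) and IPP (tcp/631) are reachable from
		# every network this host joins. Confirm that is intended; if the
		# services are only needed on a trusted LAN, scope the rules by
		# interface or source prefix.
		udp dport mdns accept comment "Accept mDNS"
		tcp dport ipp accept comment "Accept IPP"
	}
}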