urosm
/
dot
1
0
Fork 0
Code

update `nftables.conf` config

padova
urosm 2024-06-11 22:57:46 +00:00
parent 19b00f17d5
commit 0abb6e1a2b
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.config/nftables.conf
View File

@ -2,17 +2,16 @@
flush ruleset flush ruleset
table inet filter { table inet filter {
chain inbound { chain input {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop; comment "Drop all inbound traffic by default"
iif lo accept comment "Accept loopback traffic" iif lo accept comment "Accept loopback traffic"
meta l4proto { icmp, ipv6-icmp } accept comment "Accept all icmp/icmpv6 traffic" ct state invalid drop comment "Drop invalid connections"
ct state vmap { established : accept, related : accept, invalid : drop } comment "Allow traffic from established and related connections, drop invalid" ct state established,related accept comment "Accept established and related connections"
meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
tcp dport ssh accept comment "Accept SSH on port 22" tcp dport ssh accept comment "Accept SSH on port 22"
udp dport 1194 accept comment "Accept VPN on port 1194" udp dport 1194 accept comment "Accept VPN on port 1194"
# log prefix "[nftables] Inbound Denied: " counter drop comment "Log denied traffic"
} }
chain forward { chain forward {
type filter hook forward priority 0; policy drop; type filter hook forward priority 0; policy drop;