urosm
/
dot
1
0
Fork 0
Code

update `nftables.conf` config

padova
urosm 2024-06-11 22:57:46 +00:00
parent 19b00f17d5
commit 0abb6e1a2b
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.config/nftables.conf
View File

@ -2,17 +2,16 @@
flush ruleset
table inet filter {
chain inbound {
type filter hook input priority 0; policy drop;
chain input {
type filter hook input priority 0; policy drop; comment "Drop all inbound traffic by default"
iif lo accept comment "Accept loopback traffic"
meta l4proto { icmp, ipv6-icmp } accept comment "Accept all icmp/icmpv6 traffic"
ct state vmap { established : accept, related : accept, invalid : drop } comment "Allow traffic from established and related connections, drop invalid"
ct state invalid drop comment "Drop invalid connections"
ct state established,related accept comment "Accept established and related connections"
meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
tcp dport ssh accept comment "Accept SSH on port 22"
udp dport 1194 accept comment "Accept VPN on port 1194"
# log prefix "[nftables] Inbound Denied: " counter drop comment "Log denied traffic"
}
chain forward {
type filter hook forward priority 0; policy drop;