update `nftables` config
parent
08ad90ad3d
commit
bacf5509bf
|
@ -4,14 +4,13 @@ flush ruleset
|
|||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority filter; policy drop;
|
||||
type filter hook input priority 0; policy drop;
|
||||
|
||||
iif lo accept comment "Accept localhost traffic"
|
||||
ct state invalid drop comment "Drop invalid connections"
|
||||
ct state established,related accept comment "Accept established and related connections"
|
||||
meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
|
||||
ip protocol igmp accept comment "Accept IGMP traffic"
|
||||
iif lo accept comment "Accept any localhost traffic"
|
||||
ct state established,related accept comment "Accept trafic originated from us"
|
||||
|
||||
meta l4proto { icmp, icmpv6 } accept comment "Accept ICMP/ICMPv6 traffic"
|
||||
udp dport mdns accept comment "Accept mDNS"
|
||||
tcp dport ipp accept comment "Accept IPP"
|
||||
}
|
||||
}
|
||||
|
|
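Review bot: The new input chain appears to lose the `ct state invalid drop` rule; the +/- markers are missing on this page, but the 14-to-13 line count in the hunk header fits the second group of rules being the new side. Without that rule, packets conntrack marks as invalid are no longer dropped early and can match the later `meta l4proto { icmp, icmpv6 }`, `udp dport mdns` and `tcp dport ipp` accepts instead of falling through to `policy drop`. I would keep `ct state invalid drop comment "Drop invalid connections"` ahead of the established/related accept. The comment "Accept trafic originated from us" is also narrower than the rule, which accepts `related` flows too; `"Accept established and related connections"` describes it accurately.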