urosm
/
dot
1
0
Fork 0
Code

update `nftables` config

urosm 2024-07-07 22:10:41 +02:00
parent 08ad90ad3d
commit bacf5509bf
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.config/nftables.conf
View File

@ -4,14 +4,13 @@ flush ruleset
table inet filter { table inet filter {
chain input { chain input {
type filter hook input priority filter; policy drop; type filter hook input priority 0; policy drop;
iif lo accept comment "Accept localhost traffic" iif lo accept comment "Accept any localhost traffic"
ct state invalid drop comment "Drop invalid connections" ct state established,related accept comment "Accept trafic originated from us"
ct state established,related accept comment "Accept established and related connections"
meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
ip protocol igmp accept comment "Accept IGMP traffic"
meta l4proto { icmp, icmpv6 } accept comment "Accept ICMP/ICMPv6 traffic"
udp dport mdns accept comment "Accept mDNS" udp dport mdns accept comment "Accept mDNS"
tcp dport ipp accept comment "Accept IPP"
} }
} }