#!/usr/sbin/nft -f
# Replace the whole ruleset: every existing table in every family is removed
# before the tables below are loaded, so nothing from a previous run survives.
flush ruleset
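table inet filter {
	# Host firewall: default-deny on input and forward, allow-list below.
	chain input {
		type filter hook input priority filter; policy drop; comment "Drop all inbound traffic by default"

		iif lo accept comment "Accept loopback traffic"

		# Conntrack first, so the per-service rules below only see NEW connections.
		ct state invalid drop comment "Drop invalid connections"
		ct state established,related accept comment "Accept established and related connections"

		# ICMPv6 is required for neighbour discovery; all types are accepted here.
		meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"

		tcp dport ssh accept comment "Accept SSH on port 22"
		udp dport 1194 accept comment "Accept VPN on port 1194"
	}

	chain forward {
		type filter hook forward priority filter; policy drop; comment "Drop all forwarded traffic by default"

		ct state invalid drop comment "Drop invalid forwarded connections"
		# Reply packets for connections opened from "padova" arrive on a different
		# interface; without this rule the chain policy drops them and forwarded
		# connections never complete.
		ct state established,related accept comment "Accept replies to forwarded connections"
		# NOTE(review): accepts traffic from "padova" towards any interface; add an
		# oifname match if only uplink egress is intended.
		iifname "padova" accept comment "Forward new connections arriving on padova"
	}
}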
table inet nat {
	# Destination NAT hook registered but currently empty.
	chain prerouting {
		type nat hook prerouting priority dstnat;
	}

	# Source NAT for everything leaving the uplink. Which forwarded connections
	# get this far is decided by the filter table's forward chain, not here.
	chain postrouting {
		type nat hook postrouting priority srcnat;
		oifname "eth0" masquerade comment "Masquerade traffic leaving eth0"
	}
}