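#!/usr/sbin/nft -f
#
# Minimal host firewall: one base chain on the input hook with a default-drop
# policy. Only loopback, return traffic and IPv6 neighbour discovery are let in.
# No rule here accepts new inbound connections, so any service that must be
# reachable (for example remote administration) needs its own accept rule
# added before this file is loaded on a remotely managed host.

# Start from an empty state. This removes every table currently loaded,
# including ones created by other software on the host, so this file has to
# describe the complete ruleset.
flush ruleset

# "inet" family: the rules below apply to both IPv4 and IPv6.
table inet filter {
  # Only the input hook is filtered. This file defines no forward or output
  # chain, so forwarded and locally generated packets are not restricted here.
  chain input {
    # Anything not explicitly accepted below is dropped.
    type filter hook input priority filter; policy drop;

    # accept any localhost traffic
    iif lo accept

    # accept packets belonging to, or related to, connections already tracked
    # by conntrack (in practice replies to traffic originated from us, since
    # new inbound connections never get past the drop policy)
    ct state established,related accept

    # accept neighbour discovery, otherwise IPv6 connectivity breaks.
    # Only these three ICMPv6 types are allowed; other ICMPv6 (e.g. echo
    # requests) falls through to the drop policy unless matched as related.
    icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
  }
}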