Aurelien
/
dm4
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix firewall

This commit is contained in:
Aurelien Rebourg 2023-05-24 04:20:06 +02:00
parent f4e1e4da23
commit f19d0a8d11
Signed by: Aurelien
GPG Key ID: F02826677ABB98C1
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/securing/templates/nftables.conf.j2
View File

@ -2,7 +2,7 @@ table ip6 filter {
chain input {
type filter hook input priority filter; policy drop;
iifname "lo" accept
log prefix "Dropped ipv6: " flags all drop
log prefix "Dropped ipv6: " flags all
}
chain forward {
@ -11,8 +11,8 @@ table ip6 filter {
chain output {
type filter hook output priority filter; policy drop;
iifname "lo" accept
log prefix "Dropped ipv6: " flags all drop
oifname "lo" accept
log prefix "Dropped ipv6: " flags all
}
}
@ -23,6 +23,7 @@ table ip filter {
ip protocol icmp icmp type echo-request accept
icmpv6 type { echo-request, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
tcp dport { 22, 80, 443, 10000 } accept
iifname "lo" accept
log prefix "Dropped ipv4: " flags all drop
}