dm4/roles/securing/templates/nftables.conf.j2


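# IPv6 filter table. Inbound and outbound IPv6 is dropped by policy on every
# interface except loopback. There is no established/related rule and no
# neighbour-discovery rule here, so IPv6 is effectively switched off for
# non-loopback traffic.
# NOTE(review): confirm that disabling IPv6 this way is intended.
table ip6 filter {
	chain input {
		type filter hook input priority filter; policy drop;

		# Loopback traffic is always allowed.
		iifname "lo" accept

		# Log packets that are about to hit the drop policy. The rate limit
		# stops a packet flood from filling the log; packets over the limit
		# skip this rule and are still dropped by the chain policy.
		limit rate 5/second burst 10 packets log prefix "Dropped ipv6: " flags all
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		# NOTE(review): forwarded IPv6 is accepted while input/output are
		# dropped. If this host is not meant to route, "policy drop" here
		# would match the rest of the table; left unchanged because the
		# template does not show whether forwarding is relied on.
	}

	chain output {
		type filter hook output priority filter; policy drop;

		# Loopback traffic is always allowed.
		oifname "lo" accept

		# Same prefix as the input chain, so inbound and outbound drops are
		# not distinguishable by prefix alone. Rate-limited for the same
		# reason as in the input chain.
		limit rate 5/second burst 10 packets log prefix "Dropped ipv6: " flags all
	}
}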
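# IPv4 filter table. Inbound traffic is default-deny with a small allow list;
# outbound and forwarded traffic is accepted by policy.
table ip filter {
	chain input {
		type filter hook input priority filter; policy drop;

		# Replies to connections this host opened, and related traffic.
		ct state established,related accept

		# Allow IPv4 ping.
		ip protocol icmp icmp type echo-request accept

		# The original template also carried an "icmpv6 type { ... } accept"
		# rule at this point. Real ICMPv6 (including neighbour discovery) is
		# only seen by ip6 tables, so inside an "ip" table that rule could not
		# do what it was written for and has been removed. If IPv6 neighbour
		# discovery is wanted, it has to be allowed in the ip6 filter table.

		# Services reachable from any source address.
		# NOTE(review): 22 is exposed without any source restriction or
		# rate limit, and 10000 is not explained in this template. If 10000 is
		# an administrative interface, consider restricting it with
		# "ip saddr" to a management network.
		tcp dport { 22, 80, 443, 10000 } accept

		# Loopback traffic is always allowed.
		iifname "lo" accept

		# Log a bounded sample of what is dropped, then drop everything that
		# reached this point. Splitting log and drop keeps the drop
		# unconditional while the rate limit protects the log from floods.
		limit rate 5/second burst 10 packets log prefix "Dropped ipv4: " flags all
		drop
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		# NOTE(review): forwarding is accepted by default. If this host is
		# not a router and runs no container or VM bridges, "policy drop"
		# is the safer default; left unchanged because the template does not
		# show whether forwarding is relied on.
	}

	chain output {
		# No egress filtering: every outbound IPv4 packet is accepted.
		type filter hook output priority filter; policy accept;
	}
}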