raanima/voidlinux_V2
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
voidlinux_V2/nftables

14 lines
925 B
Bash
Raw Blame History

#!/bin/bash
nft flush ruleset
nft add table ip filter
nft add chain ip filter INPUT { type filter hook input priority 0 \; policy accept \; }
nft add chain ip filter FORWARD { type filter hook forward priority 0 \; policy accept \; }
nft add chain ip filter OUTPUT { type filter hook output priority 0 \; policy accept \; }
#---------------------Type filter INPUT Chain (for ipv4)-----------------------------------------
nft add rule ip filter INPUT iifname "lo" counter accept
nft add rule ip filter INPUT ct state invalid counter drop
nft add rule ip filter INPUT ct state {established, related} counter accept
nft add rule ip filter INPUT iifname "ens33" ip saddr 192.168.8.235/24 tcp dport { 80,443} counter accept
nft add rule ip filter INPUT iifname "ens33" ip saddr 192.168.8.235/24 udp dport 53 counter accept
nft add rule ip filter INPUT ip protocol icmp counter drop
nft add rule ip filter INPUT counter drop
Reference in a new issue View git blame Copy permalink