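#!/usr/bin/env bash
# Minimal IPv4 host firewall, expressed as one nftables ruleset.
#
# Policy implemented (INPUT chain, "ip" family only):
#   * loopback accepted
#   * ct state invalid dropped; established/related accepted
#   * from $LAN_NET arriving on $IFACE: tcp 80,443 and udp 53 accepted
#   * remaining ICMP dropped, everything else dropped
#   FORWARD and OUTPUT have no rules and keep policy accept.
#
# The ruleset is loaded with `nft -f -` as ONE transaction: the flush and all
# chain/rule additions either all apply or none do.  There is therefore no
# window in which the host runs with an empty (accept-all) ruleset, and a typo
# in one rule cannot leave a half-built chain behind.  The previous version
# issued one `nft` call per line with no error checking and had both problems.
#
# Usage:  sudo ./firewall.sh
#   IFACE    interface the LAN allow-rules are scoped to   (default: ens33)
#   LAN_NET  source prefix allowed to reach 80/443 and 53  (default: 192.168.8.0/24)
#
# CAVEATS to read before running this:
#   * `flush ruleset` removes EVERY table of EVERY family, including ones owned
#     by docker, libvirt, firewalld or fail2ban.  Do not run it on a host where
#     another tool manages nftables.
#   * Only the `ip` (IPv4) family is filtered.  IPv6 traffic is not touched at
#     all; if the host has a routable IPv6 address it is fully exposed.  Use the
#     `inet` family (or a parallel ip6 table) if IPv6 is in use.
#   * There is no SSH rule.  An existing session survives via the
#     established/related rule, but new connections to 22/tcp will be dropped,
#     so run this from the console or add an admin rule first.
#   * ICMP not belonging to a tracked flow (echo-request, unsolicited errors)
#     is dropped; errors for tracked flows are still accepted through
#     `ct state related`.  This can hide path-MTU problems.
#   * FORWARD has policy accept and no rules: if net.ipv4.ip_forward is on,
#     this host forwards freely.
#   * DNS is allowed on UDP only; TCP/53 fallback for large responses is not.

set -euo pipefail

# Interface the LAN allow-rules are bound to.
readonly IFACE="${IFACE:-ens33}"

# Source prefix allowed to reach the web and DNS ports.
# NOTE(review): the original rules used 192.168.8.235/24 -- a host address with
# a /24 mask, which is ambiguous.  A prefix match is decided by the network
# bits, so at best that matched the whole 192.168.8.0/24; that network is what
# is written here.  If only the single host was intended, run with
# LAN_NET=192.168.8.235 instead.
readonly LAN_NET="${LAN_NET:-192.168.8.0/24}"

# Print a diagnostic to stderr and exit non-zero.
die() { printf 'firewall: %s\n' "$*" >&2; exit 1; }

#######################################
# Print the complete nftables ruleset (nft file syntax) to stdout.
# Globals:   IFACE, LAN_NET (read)
# Outputs:   ruleset text suitable for `nft -f -`
# Returns:   0
#######################################
ruleset() {
  # Unquoted delimiter on purpose: ${IFACE} and ${LAN_NET} must expand.
  cat <<EOF
flush ruleset

table ip filter {
  chain INPUT {
    # Policy drop makes the chain fail-closed even if the last rule were
    # missing; the explicit "counter drop" at the end is kept so dropped
    # packets stay visible in `nft list ruleset`.
    type filter hook input priority 0; policy drop;

    iifname "lo" counter accept
    ct state invalid counter drop
    ct state { established, related } counter accept

    iifname "${IFACE}" ip saddr ${LAN_NET} tcp dport { 80, 443 } counter accept
    iifname "${IFACE}" ip saddr ${LAN_NET} udp dport 53 counter accept

    ip protocol icmp counter drop
    counter drop
  }

  chain FORWARD {
    type filter hook forward priority 0; policy accept;
  }

  chain OUTPUT {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

#######################################
# Validate and atomically load the ruleset.
# Globals:   IFACE, LAN_NET (read), EUID (read)
# Returns:   0 on success; exits 1 via die() on any failure, in which case
#            the previously running ruleset is left untouched.
#######################################
main() {
  (( EUID == 0 )) || die "must run as root"
  command -v nft >/dev/null 2>&1 || die "nft not found in PATH"

  # -c parses and checks the whole file without committing anything, so a
  # syntax error is reported before the live ruleset is flushed.
  ruleset | nft -c -f - || die "ruleset failed validation; nothing changed"
  # Single transaction: flush + all adds commit together or not at all.
  ruleset | nft -f - || die "failed to load ruleset"

  printf 'firewall: ruleset loaded (iface=%s lan=%s)\n' "$IFACE" "$LAN_NET"
}

main "$@"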