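#!/usr/sbin/nft -f

# Host firewall for the inet (IPv4 + IPv6) family.
# Inbound traffic is dropped unless a rule in the input chain accepts it.
# The forward and output chains have no rules and no explicit policy, so
# they keep the default accept policy.

# Removes every table in every family, not only the one defined below.
# NOTE(review): rules installed by other tooling on this host are wiped when
# this file is loaded; confirm nothing else manages nftables here.
flush ruleset

table inet filter {
	chain input {
		# "filter" is the named form of priority 0, matching the other chains.
		# No chain policy is set; the final "counter drop" rule does the denying.
		type filter hook input priority filter;

		# Loopback traffic is always allowed.
		iif lo accept

		# Packets belonging to, or related to, an already tracked connection.
		ct state established,related accept

		# New inbound TCP connections. The original set listed 22 twice; the
		# duplicate is removed, the allowed ports are unchanged.
		# NOTE(review): all four ports are open to any source address. 8140 is
		# conventionally the Puppet server port; if that is its use here,
		# consider restricting it (and 22) to known source ranges.
		tcp dport { 22, 80, 443, 8140 } ct state new accept

		# ICMPv4 types 0, 3, 8, 11, 12.
		icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept

		# ICMPv6 types 1, 3, 4, 128, 129, plus neighbour discovery (134-136).
		# Neighbour discovery is not tracked by conntrack, so the
		# established,related rule above never matches it; without these
		# types the final drop discards it and IPv6 on-link resolution and
		# router discovery stop working.
		# Packet Too Big (type 2) is not listed; it is expected to arrive as
		# "related" traffic. TODO confirm PMTU discovery works over IPv6.
		icmpv6 type { destination-unreachable, time-exceeded, parameter-problem, echo-request, echo-reply, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

		# Everything else is counted and dropped; read the counter with
		# "nft list ruleset" to see how much traffic is being rejected.
		counter drop
	}

	chain forward {
		# No rules and no explicit policy: the default policy is accept.
		# NOTE(review): if this host is not meant to route, an explicit
		# "policy drop;" here would make that intent enforceable.
		type filter hook forward priority filter;
	}

	chain output {
		# No rules and no explicit policy: all outbound traffic is accepted.
		type filter hook output priority filter;
	}
}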