Default policy at chain start
This commit is contained in:
parent
435c314a4a
commit
6da78c848d
|
@ -11,7 +11,7 @@ flush ruleset
|
|||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority 0
|
||||
type filter hook input priority 0; policy drop;
|
||||
|
||||
# loopback
|
||||
iifname lo accept
|
||||
|
@ -32,20 +32,15 @@ table inet filter {
|
|||
|
||||
# SSH from MiA/MiB
|
||||
tcp dport 22 ip saddr 83.149.165.216/29 ct state new limit rate 2/second accept
|
||||
|
||||
policy drop;
|
||||
}
|
||||
chain forward {
|
||||
type filter hook forward priority 0;
|
||||
policy drop
|
||||
type filter hook forward priority 0; policy drop;
|
||||
}
|
||||
chain output {
|
||||
type filter hook output priority 0;
|
||||
type filter hook output priority 0; policy accept;
|
||||
|
||||
# no SSH
|
||||
tcp dport 22 drop
|
||||
|
||||
policy accept
|
||||
}
|
||||
}' > /etc/nftables.conf
|
||||
systemctl restart nftables
|
||||
|
|
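Review bot: `systemctl restart nftables` at the end of the hunk loads the rewritten /etc/nftables.conf with no syntax check first; if the new ruleset fails to parse, the restart fails after the stop step, and with the stock unit's ExecStop flushing the ruleset the host is left with no firewall at all rather than the previous one. Validate before applying, e.g. `nft -c -f /etc/nftables.conf && systemctl restart nftables`, or apply with `nft -f /etc/nftables.conf`, which is atomic and leaves the running ruleset untouched on error. Separately, the `limit rate 2/second` on the SSH accept rule is a single token bucket shared by every host in 83.149.165.216/29, so one busy or misbehaving client can starve the others of new SSH connections, which then fall through to the input chain's `policy drop`; a per-source meter such as `tcp dport 22 ip saddr 83.149.165.216/29 ct state new meter ssh_new { ip saddr limit rate 2/second } accept` in place of the bare `limit` keeps one client from locking out the rest. Whether a `ct state established,related accept` rule exists cannot be confirmed here, since lines 18–31 of the file are outside both hunks, and the quoted string that holds this config opens before the first hunk.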