2024-06-18 21:20:41 +00:00
|
|
|
#!/usr/sbin/nft -f
|
|
|
|
|
|
|
|
|
|
#flush ruleset
|
|
|
|
|
|
|
|
|
|
table ip filter {
|
|
|
|
|
chain INPUT {
|
|
|
|
|
type filter hook input priority 0; policy drop;
|
|
|
|
|
ct state related,established accept
|
|
|
|
|
meta l4proto ipv6-icmp accept
|
|
|
|
|
meta l4proto icmp accept
|
|
|
|
|
|
|
|
|
|
meta l4proto udp udp dport 53 accept
|
|
|
|
|
|
|
|
|
|
udp dport 53 accept
|
|
|
|
|
tcp dport 53 accept
|
|
|
|
|
|
|
|
|
|
udp dport 6666 accept
|
|
|
|
|
udp dport 51280 accept
|
2024-06-18 21:40:23 +00:00
|
|
|
|
2024-06-18 21:20:41 +00:00
|
|
|
tcp dport 6073 accept
|
2024-06-18 21:40:23 +00:00
|
|
|
tcp dport 443 accept
|
2024-06-18 21:20:41 +00:00
|
|
|
tcp dport 80 accept
|
|
|
|
|
tcp dport 22 accept
|
|
|
|
|
|
|
|
|
|
ip saddr 127.0.0.0/8 accept
|
|
|
|
|
}
|
|
|
|
|
chain FORWARD {
|
|
|
|
|
type filter hook forward priority 0; policy drop;
|
|
|
|
|
}
|
|
|
|
|
chain OUTPUT {
|
|
|
|
|
type filter hook output priority 0; policy accept;
|
|
|
|
|
tcp sport 25 drop
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
table ip6 filter {
|
|
|
|
|
chain INPUT {
|
|
|
|
|
type filter hook input priority 0; policy drop;
|
|
|
|
|
ct state related,established accept
|
|
|
|
|
meta l4proto ipv6-icmp accept
|
|
|
|
|
|
|
|
|
|
udp dport 53 accept
|
|
|
|
|
tcp dport 53 accept
|
|
|
|
|
|
|
|
|
|
tcp dport 6073 accept
|
|
|
|
|
tcp dport 443 accept
|
|
|
|
|
tcp dport 80 accept
|
|
|
|
|
tcp dport 22 accept
|
|
|
|
|
|
|
|
|
|
ip6 saddr ::1/128 accept
|
|
|
|
|
ip6 saddr 2001:470:c844::/48 accept
|
|
|
|
|
}
|
|
|
|
|
chain FORWARD {
|
|
|
|
|
type filter hook forward priority 0; policy accept;
|
|
|
|
|
}
|
|
|
|
|
chain OUTPUT {
|
|
|
|
|
type filter hook output priority 0; policy accept;
|
|
|
|
|
tcp sport 25 drop
|
|
|
|
|
}
|
|
|
|
|
}
|
