From 4a5262a5d1039265cd3cbbfdacadfd97535d60bb Mon Sep 17 00:00:00 2001
From: giomba
Date: Tue, 18 Jun 2024 23:20:41 +0200
Subject: [PATCH] nftables: add configuration file.
---
 files/nftables.conf | 61 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 files/nftables.conf
diff --git a/files/nftables.conf b/files/nftables.conf
new file mode 100644
index 0000000..c41dd3d
--- /dev/null
+++ b/files/nftables.conf
@@ -0,0 +1,61 @@
+#!/usr/sbin/nft -f
+
+#flush ruleset
+
+table ip filter {
+ chain INPUT {
+ type filter hook input priority 0; policy drop;
+ ct state related,established accept
+ meta l4proto ipv6-icmp accept
+ meta l4proto icmp accept
+
+ meta l4proto udp udp dport 53 accept
+
+ udp dport 53 accept
+ tcp dport 53 accept
+
+ udp dport 6666 accept
+ udp dport 51280 accept
+
+ tcp dport 6073 accept
+ tcp dport 443 accept
+ tcp dport 80 accept
+ tcp dport 22 accept
+
+ ip saddr 127.0.0.0/8 accept
+ }
+ chain FORWARD {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain OUTPUT {
+ type filter hook output priority 0; policy accept;
+ tcp sport 25 drop
+ }
+}
+
+table ip6 filter {
+ chain INPUT {
+ type filter hook input priority 0; policy drop;
+ ct state related,established accept
+ meta l4proto ipv6-icmp accept
+
+ udp dport 53 accept
+ tcp dport 53 accept
+
+ tcp dport 6073 accept
+ tcp dport 443 accept
+ tcp dport 80 accept
+ tcp dport 22 accept
+
+ ip6 saddr ::1/128 accept
+ ip6 saddr 2001:470:c844::/48 accept
+ }
+ chain FORWARD {
+ type filter hook forward priority 0; policy accept;
+ }
+ chain OUTPUT {
+ type filter hook output priority 0; policy accept;
+ tcp sport 25 drop
+ }
+}
+
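Review bot: Both INPUT chains admit loopback traffic by source address (`ip saddr 127.0.0.0/8 accept`, `ip6 saddr ::1/128 accept`) rather than by interface, so a packet arriving on an external interface with a forged loopback source is accepted unless reverse-path filtering happens to catch it; `iif lo accept` expresses the intent and does not depend on the source address. The same concern applies to `ip6 saddr 2001:470:c844::/48 accept`, which trusts a whole /48 on source address alone — if that prefix is only expected on one interface, constrain it with `iif` as well. The ip6 `FORWARD` chain is `policy accept` while the ip one is `policy drop`; if the difference is deliberate (this host routing that /48, presumably) a comment stating so would help, otherwise it leaves all IPv6 transit open. With `#flush ruleset` commented out, re-running the file with `nft -f` appends a second copy of every rule instead of replacing the set, so either restore it or document the intended reload procedure. Finally, `meta l4proto ipv6-icmp accept` inside the `ip` table and the duplicate `meta l4proto udp udp dport 53 accept` / `udp dport 53 accept` pair look like leftovers that could be removed to keep the policy readable.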