argilla
/
infra
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
infra/files/nftables.conf

62 lines
1.1 KiB
Plaintext
Raw Blame History

#!/usr/sbin/nft -f
#flush ruleset
table ip filter {
chain INPUT {
type filter hook input priority 0; policy drop;
ct state related,established accept
meta l4proto ipv6-icmp accept
meta l4proto icmp accept
meta l4proto udp udp dport 53 accept
udp dport 53 accept
tcp dport 53 accept
udp dport 6666 accept
udp dport 51280 accept
tcp dport 6073 accept
tcp dport 443 accept
tcp dport 80 accept
tcp dport 22 accept
ip saddr 127.0.0.0/8 accept
}
chain FORWARD {
type filter hook forward priority 0; policy drop;
}
chain OUTPUT {
type filter hook output priority 0; policy accept;
tcp sport 25 drop
}
}
table ip6 filter {
chain INPUT {
type filter hook input priority 0; policy drop;
ct state related,established accept
meta l4proto ipv6-icmp accept
udp dport 53 accept
tcp dport 53 accept
tcp dport 6073 accept
tcp dport 443 accept
tcp dport 80 accept
tcp dport 22 accept
ip6 saddr ::1/128 accept
ip6 saddr 2001:470:c844::/48 accept
}
chain FORWARD {
type filter hook forward priority 0; policy accept;
}
chain OUTPUT {
type filter hook output priority 0; policy accept;
tcp sport 25 drop
}
}
Reference in New Issue View Git Blame Copy Permalink