summaryrefslogtreecommitdiff
path: root/hosts/vidhar/ruleset.nft
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/vidhar/ruleset.nft')
-rw-r--r--hosts/vidhar/ruleset.nft71
1 files changed, 71 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
new file mode 100644
index 00000000..ae91af00
--- /dev/null
+++ b/hosts/vidhar/ruleset.nft
@@ -0,0 +1,71 @@
1table inet filter {
2 chain forward {
3 type filter hook forward priority filter
4 policy drop
5
6
7 iifname eno1 accept
8
9 ct state {established, related} accept
10
11 meta l4proto ipv6-icmp accept
12 meta l4proto icmp accept
13 meta l4proto igmp accept
14
15
16 log prefix "drop forward:"
17 counter
18 }
19
20 chain input {
21 type filter hook input priority filter
22 policy drop
23
24
25 iifname lo accept
26 iif != lo ip daddr 127.0.0.1/8 counter drop
27 iif != lo ip6 daddr ::1/128 counter drop
28
29 ct state {established, related} accept
30
31 tcp dport 22 accept
32 udp dport 51820 accept
33 udp dport 60000-61000 accept
34
35 meta l4proto ipv6-icmp accept
36 meta l4proto icmp accept
37 meta l4proto igmp accept
38
39 log prefix "drop input:"
40 counter
41 }
42
43 chain output {
44 type filter hook output priority filter
45 policy accept
46
47 counter
48 }
49}
50
51table ip nat {
52 chain postrouting {
53 type nat hook postrouting priority srcnat
54 policy accept
55
56 oifname dsl counter masquerade
57
58 counter
59 }
60}
61
62table inet mangle {
63 chain postrouting {
64 type filter hook postrouting priority mangle
65 policy accept
66
67 oifname dsl meta l4proto tcp tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
68
69 counter
70 }
71} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 02:44:32 +0000