From e685f060bd7796e1f962eec6ebf40452f59b6306 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 8 Dec 2021 22:15:25 +0100 Subject: vidhar: nftables... --- hosts/vidhar/ruleset.nft | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'hosts') diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index fec7b536..85094647 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft @@ -9,6 +9,9 @@ table inet filter { policy drop + ct state invalid counter drop + + iifname eno1 oifname dsl counter accept iifname dsl oifname eno1 ct state {established, related} counter accept @@ -31,6 +34,9 @@ table inet filter { policy drop + ct state invalid counter drop + + iifname lo counter accept iif != lo ip daddr 127.0.0.1/8 counter reject iif != lo ip6 daddr ::1/128 counter reject -- cgit v1.2.3