Arx/eve-lite-os
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
eve-lite-os/system_files/usr/etc/nftables/main.nft

32 lines
634 B
Text
Raw Blame History

#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority filter; policy drop;
# Allow established/related
ct state established,related accept
# Allow loopback
iface lo accept
# Allow SSH
tcp dport 22 accept
# Allow ping
icmp type echo-request accept
icmpv6 type echo-request accept
# Drop everything else
}
chain forward {
type filter hook forward priority filter; policy drop;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
Reference in a new issue View git blame Copy permalink