29 lines
575 B
Plaintext
29 lines
575 B
Plaintext
#!/usr/bin/nft -f
|
|
|
|
destroy table inet filter;
|
|
table inet filter {
|
|
chain input {
|
|
type filter hook input priority filter; policy drop;
|
|
|
|
ct state invalid counter drop
|
|
ct state {established, related} counter accept
|
|
|
|
iif "lo" counter accept
|
|
ip protocol {icmp,icmpv6} counter accept
|
|
|
|
counter meta nftrace set 1 comment "dropped"
|
|
}
|
|
|
|
chain forward {
|
|
type filter hook forward priority filter; policy drop;
|
|
|
|
counter meta nftrace set 1 comment "dropped"
|
|
}
|
|
|
|
chain output {
|
|
type filter hook output priority filter; policy accept;
|
|
|
|
counter comment "accepted"
|
|
}
|
|
}
|