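#!/usr/sbin/nft -f
# Basic nftables host firewall (Jinja2 template).
#
# Template inputs:
#   nftables_tcp_ports  list of TCP ports to open; an empty list omits the rule
#   nftables_udp_ports  list of UDP ports to open; an empty list omits the rule
# NOTE(review): both variables are presumably given defaults elsewhere (e.g. role
# defaults) -- confirm, since an undefined variable may fail template rendering.
#
# This file defines only the input chain; forwarded and outgoing traffic is
# not filtered here.

# Start from a clean slate. This removes every table currently loaded, not
# just the one defined below.
flush ruleset

table inet filter {
    chain input {
        # Default-deny: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # accept any localhost traffic
        iif lo accept

        # accept packets that belong to, or are related to, a connection
        # that conntrack already tracks (replies to traffic we originated)
        ct state established,related accept

        {% if nftables_tcp_ports %}
        # tcp: only packets opening a new connection need this rule; the
        # rest of each flow is covered by the established/related rule above
        tcp dport { {{ nftables_tcp_ports | join(", ") }} } ct state new accept
        {% endif %}

        {% if nftables_udp_ports %}
        # udp: no conntrack state match, so every datagram to these ports
        # is accepted
        udp dport { {{ nftables_udp_ports | join(", ") }} } accept
        {% endif %}

        # accept pings (IPv4); echo requests above 10/second do not match
        # this rule and fall through to the drop policy
        ip protocol icmp icmp type echo-request limit rate 10/second accept

        # IPv6 neighbour discovery. The inet family filters IPv6 as well as
        # IPv4, and these messages are not matched by the established/related
        # rule, so without this rule the drop policy breaks IPv6 address
        # resolution and router discovery.
        meta l4proto ipv6-icmp icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # accept pings (IPv6), with the same rate limit as IPv4
        meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 10/second accept
    }
} # note that the newline after this is VERY IMPORTANT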