| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- #!/usr/sbin/nft -f
- #
- # Example nftables configuration for letmein.
- #
- flush ruleset
- table inet filter {
- chain LETMEIN-INPUT {
- # This chain will be managed and filled by letmeind.
- # Do NOT put manual rules here.
- # Leave this chain empty in this configuration.
- # letmeind will dynamically insert 'accept' rules here for the leases.
- }
- chain INPUT {
- type filter hook input priority filter; policy drop;
- iifname lo accept
- ct state invalid drop
- ct state related,established accept
- meta l4proto ipv6-icmp accept
- meta l4proto icmp accept
- ip protocol igmp accept
- # Your static rules here...
- # Jump to letmein dynamic rules.
- jump LETMEIN-INPUT
- reject
- }
- chain FORWARD {
- type filter hook forward priority filter; policy drop;
- # Your static rules here...
- reject
- }
- chain OUTPUT {
- type filter hook output priority filter; policy drop;
- oifname lo accept
- ct state related,established accept
- meta l4proto ipv6-icmp accept
- meta l4proto icmp accept
- ip protocol igmp accept
- # Your static rules here...
- meta l4proto udp accept
- meta l4proto tcp accept
- reject
- }
- }
|
