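#!/usr/bin/nft -f
# Default-deny packet filter for IPv4.
#
# The "-f" on the interpreter line makes nft read this file as a ruleset when
# the script is executed directly; without it nft would try to parse the file
# path as a command. Loading with "nft -f <file>" works either way.
#
# NOTE(review): the table family is "ip", so only IPv4 is filtered. Because
# "flush ruleset" below removes every existing table in every family, IPv6
# traffic is left unfiltered after this file loads. Use "table inet filter"
# if IPv6 should get the same default-drop policy.

# Start from an empty ruleset so rules from earlier loads do not linger.
flush ruleset

table ip filter {
	# Inbound: drop by default, allow only replies to tracked connections.
	chain in {
		type filter hook input priority filter; policy drop;
		# Packets conntrack cannot associate with a valid flow.
		ct state invalid drop;
		# Return traffic for flows this host already has in conntrack.
		ct state {related,established} accept;
		# NOTE(review): there is no loopback accept (e.g. "iif lo accept"),
		# so local IPv4 traffic over 127.0.0.1 is dropped as well.
	}

	# Routed traffic: nothing is forwarded.
	chain forward {
		type filter hook forward priority filter; policy drop;
	}

	# Outbound: policy drop with no accept rules, so this host cannot
	# originate IPv4 traffic. As written, no flow can reach the established
	# state, so the accept rule in chain "in" has nothing to match until
	# outbound rules are added here.
	chain out {
		type filter hook output priority filter; policy drop;
	}
}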