diff --git a/filter.nft b/filter.nft index 32b2933..62fcef1 100644 --- a/filter.nft +++ b/filter.nft @@ -24,8 +24,7 @@ table ip filter { chain in { type filter hook input priority filter; policy drop; - ct state invalid drop; - ct state related,established accept; + ct state vmap { invalid : drop, related : accept, established : accept }; iifname "lo" accept; tcp dport @allowed_tcp_ports accept; udp dport @allowed_udp_ports_in accept;