From 186bab8f760de69b420d2a2ccffe57ec4ddc1283 Mon Sep 17 00:00:00 2001
From: celso
Date: Fri, 13 Dec 2024 02:45:55 -0300
Subject: [PATCH] added optimization suggested by nft -c -o -f nftables.conf
---
 filter.nft | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/filter.nft b/filter.nft
index 32b2933..62fcef1 100644
--- a/filter.nft
+++ b/filter.nft
@@ -24,8 +24,7 @@ table ip filter {
 chain in {
 type filter hook input priority filter; policy drop;
- ct state invalid drop;
- ct state related,established accept;
+ ct state vmap { invalid : drop, related : accept, established : accept };
 iifname "lo" accept;
 tcp dport @allowed_tcp_ports accept;
 udp dport @allowed_udp_ports_in accept;
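Review bot: The merged `ct state vmap` rule in chain `in` carries no comment, and the line alone does not show that states absent from the map (`new`, `untracked`) match nothing and fall through to the `iifname`/`dport` rules and then `policy drop`. A comment such as `# invalid -> drop, related/established -> accept; any other state falls through to the rules below` would make that explicit. Folding both verdicts into one rule also means a `counter` or `log` statement can no longer be attached to the invalid drop alone. If dropped-invalid traffic ever needs to be measured, `invalid` would have to map to a `jump` into a small chain of its own. The chain body continues past the end of the hunk.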