celso
/
homemade_firewall
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added optimization suggested by nft -c -o -f nftables.conf

This commit is contained in:
celso 2024-12-13 02:45:55 -03:00
parent a4bad496d3
commit 186bab8f76
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
filter.nft
View File

@ -24,8 +24,7 @@ table ip filter {
chain in { chain in {
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
ct state invalid drop; ct state vmap { invalid : drop, related : accept, established : accept };
ct state related,established accept;
iifname "lo" accept; iifname "lo" accept;
tcp dport @allowed_tcp_ports accept; tcp dport @allowed_tcp_ports accept;
udp dport @allowed_udp_ports_in accept; udp dport @allowed_udp_ports_in accept;