diff --git a/defines.nft b/defines.nft
index 7bf8e9d..a72cd6e 100644
--- a/defines.nft
+++ b/defines.nft
@@ -11,6 +11,7 @@ define TERRARIA_PORT = 7777
 define MAINPAGE_PORT = 3000
 define NEXTCLOUD_PORT = 3001
 define GITEA_PORT = 3002
+define POSTGRESQL_PORT = 5432
 
 # TCP and UDP services (needs to go in both sets)
 define DNS_PORT = 53
@@ -22,3 +23,5 @@ define DHCP_OUT_PORT = 68
 define OPENVPN_PORT = 1194
 define FACTORIO_PORT = 34197
 define CSTRIKE_PORT = 27015
+define SNMP_POLL_PORT = 161
+define SNMP_TRAP_PORT = 162
diff --git a/filter.nft b/filter.nft
index 567702c..e459ac5 100644
--- a/filter.nft
+++ b/filter.nft
@@ -7,19 +7,23 @@ table ip filter {
 set allowed_tcp_ports {
 type inet_service;
 flags constant;
- elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT, $SYNCPLAY_PORT, $TERRARIA_PORT, $OPENTTD_PORT, $MAINPAGE_PORT, $NEXTCLOUD_PORT, $GITEA_PORT };
+ elements = {
+ $SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT, $SYNCPLAY_PORT,
+ $TERRARIA_PORT, $OPENTTD_PORT, $MAINPAGE_PORT, $NEXTCLOUD_PORT, $GITEA_PORT,
+ $POSTGRESQL_PORT
+ };
 }
 
 set allowed_udp_ports_in {
 type inet_service;
 flags constant;
- elements = { $DNS_PORT, $DHCP_IN_PORT, $OPENVPN_PORT, $FACTORIO_PORT, $OPENTTD_PORT, $CSTRIKE_PORT }
+ elements = { $DNS_PORT, $DHCP_IN_PORT, $OPENVPN_PORT, $FACTORIO_PORT, $OPENTTD_PORT, $CSTRIKE_PORT, $SNMP_POLL_PORT, $SNMP_TRAP_PORT }
 }
 
 set allowed_udp_ports_out {
 type inet_service;
 flags constant;
- elements = { $DNS_PORT, $DHCP_OUT_PORT }
+ elements = { $DNS_PORT, $DHCP_OUT_PORT, $SNMP_POLL_PORT }
 }
 
 chain in {
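Review bot: In the filter.nft hunk, putting `$POSTGRESQL_PORT` into `allowed_tcp_ports` and `$SNMP_POLL_PORT`/`$SNMP_TRAP_PORT` into `allowed_udp_ports_in` gives the database and SNMP the same exposure as every other port in those shared sets. The `in` chain that consumes the sets only opens on the hunk's last line and continues outside it, so whether a source or interface match narrows them cannot be seen here; if none does, 5432 and 161/162 are accepted from every network the host faces. I would keep these three out of the shared sets and accept them in source-scoped rules instead, e.g. `ip saddr $MGMT_NET tcp dport $POSTGRESQL_PORT accept` and `ip saddr $MGMT_NET udp dport { $SNMP_POLL_PORT, $SNMP_TRAP_PORT } accept`, where `$MGMT_NET` is a placeholder for a define this page does not show. Inbound 161 is presumably only needed if this host itself runs an SNMP agent that others poll, since replies to its own outbound polls are normally covered by connection tracking; that is worth confirming against the chain.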