added snmp and postgresql ports, organized tcp_ports set better
parent
70349a41c9
commit
211b1c0ce1
|
@ -11,6 +11,7 @@ define TERRARIA_PORT = 7777
|
||||||
define MAINPAGE_PORT = 3000
|
define MAINPAGE_PORT = 3000
|
||||||
define NEXTCLOUD_PORT = 3001
|
define NEXTCLOUD_PORT = 3001
|
||||||
define GITEA_PORT = 3002
|
define GITEA_PORT = 3002
|
||||||
|
define POSTGRESQL_PORT = 5432
|
||||||
|
|
||||||
# TCP and UDP services (needs to go in both sets)
|
# TCP and UDP services (needs to go in both sets)
|
||||||
define DNS_PORT = 53
|
define DNS_PORT = 53
|
||||||
|
@ -22,3 +23,5 @@ define DHCP_OUT_PORT = 68
|
||||||
define OPENVPN_PORT = 1194
|
define OPENVPN_PORT = 1194
|
||||||
define FACTORIO_PORT = 34197
|
define FACTORIO_PORT = 34197
|
||||||
define CSTRIKE_PORT = 27015
|
define CSTRIKE_PORT = 27015
|
||||||
|
define SNMP_POLL_PORT = 161
|
||||||
|
define SNMP_TRAP_PORT = 162
|
||||||
|
|
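Review bot: The new `SNMP_POLL_PORT` and `SNMP_TRAP_PORT` defines (after `CSTRIKE_PORT`) and `POSTGRESQL_PORT` (after `GITEA_PORT`) carry no comment saying which direction or which peers each port is meant for. That matters because filter.nft in this commit places `$SNMP_POLL_PORT` in both the inbound and the outbound UDP set, so a reader cannot tell whether this host is polled, polls others, or both. A one-line comment in the file's existing `#` style, e.g. `# SNMP: 161 = poll requests, 162 = traps received; intended peer is the monitoring host`, would let the sets be checked against the intent.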
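--- a/filter.nft
+++ b/filter.nft
@@ -7,19 +7,23 @@ table ip filter {
 set allowed_tcp_ports {
 type inet_service;
 flags constant;
-elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT, $SYNCPLAY_PORT, $TERRARIA_PORT, $OPENTTD_PORT, $MAINPAGE_PORT, $NEXTCLOUD_PORT, $GITEA_PORT };
+elements = {
+$SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT, $SYNCPLAY_PORT,
+$TERRARIA_PORT, $OPENTTD_PORT, $MAINPAGE_PORT, $NEXTCLOUD_PORT, $GITEA_PORT,
+$POSTGRESQL_PORT
+};
 }
 
 set allowed_udp_ports_in {
 type inet_service;
 flags constant;
-elements = { $DNS_PORT, $DHCP_IN_PORT, $OPENVPN_PORT, $FACTORIO_PORT, $OPENTTD_PORT, $CSTRIKE_PORT }
+elements = { $DNS_PORT, $DHCP_IN_PORT, $OPENVPN_PORT, $FACTORIO_PORT, $OPENTTD_PORT, $CSTRIKE_PORT, $SNMP_POLL_PORT, $SNMP_TRAP_PORT }
 }
 
 set allowed_udp_ports_out {
 type inet_service;
 flags constant;
-elements = { $DNS_PORT, $DHCP_OUT_PORT }
+elements = { $DNS_PORT, $DHCP_OUT_PORT, $SNMP_POLL_PORT }
 }
 
 chain in {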
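Review bot: `$POSTGRESQL_PORT` is added to `allowed_tcp_ports`, the same set that holds the SSH, HTTP and HTTPS ports, so unless the `in` chain scopes that set by source address or interface, the database listener becomes reachable from every network this host faces. The `in` chain only begins at the end of this hunk, so that cannot be confirmed from the page. The same concern applies to `$SNMP_POLL_PORT` and `$SNMP_TRAP_PORT` in `allowed_udp_ports_in`: if the agent speaks SNMP v1/v2c there is no transport protection, and a widely reachable UDP 161 is a known information-disclosure and reflection surface. Consider keeping these three ports out of the global sets and accepting them with source-scoped rules, e.g. `ip saddr <TRUSTED_NET_PLACEHOLDER> tcp dport $POSTGRESQL_PORT accept` and `ip saddr <MONITORING_HOST_PLACEHOLDER> udp dport { $SNMP_POLL_PORT, $SNMP_TRAP_PORT } accept`. Minor style point: the rewritten TCP `elements` block ends in `};` while both UDP sets end their `elements` line without a semicolon.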