From 2dc73049b5d04ff4004ab252563c8fe482c835bd Mon Sep 17 00:00:00 2001
From: celso
Date: Thu, 12 Dec 2024 21:55:35 -0300
Subject: [PATCH] allowed ssh traffic and allowed_tcp_ports set

---
 filter.nft | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/filter.nft b/filter.nft
index e123562..5a52ff4 100644
--- a/filter.nft
+++ b/filter.nft
@@ -1,11 +1,20 @@
 #!/usr/bin/nft
 flush ruleset
+define SSH_PORT1 = 22
+define SSH_PORT2 = 8022
+
 table ip filter {
+    set allowed_tcp_ports {
+        type inet_service;
+        flags constant;
+        elements = { $SSH_PORT1, $SSH_PORT2 };
+    }
     chain in {
         type filter hook input priority filter; policy drop;
         ct state invalid drop;
         ct state {related,established} accept;
+        tcp dport @allowed_tcp_ports accept;
     }
     chain forward {
         type filter hook forward priority filter; policy drop;
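Review bot: The new `tcp dport @allowed_tcp_ports accept` rule in chain `in` admits new SSH connections on 22 and 8022 from any source with no rate limit, which leaves both ports open to unbounded brute-force attempts; a minimal hardening is `tcp dport @allowed_tcp_ports ct state new limit rate 15/minute accept`, optionally with `counter` so the drops are visible in `nft list ruleset`. Because the set and rule sit in `table ip filter`, the allow-list (and the `policy drop`) applies to IPv4 only — on a host with a global IPv6 address, SSH and every other service are reachable unfiltered over v6 unless a matching `ip6` table exists elsewhere, so `table inet filter {` is the safer family for this ruleset. Chain `in` is fully visible in the hunk and has no `iif lo accept` and no ICMP rule, so new connections to local services over loopback and inbound ICMP (ping, PMTU discovery) are dropped; add `iif lo accept` and `ip protocol icmp accept` ahead of the port allow-list if that is not intended. The `chain forward` body continues outside the hunk.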