allowed ssh traffic and allowed_tcp_ports set

celso 2024-12-12 21:55:35 -03:00
parent 711ebd8336
commit 2dc73049b5
1 changed files with 9 additions and 0 deletions


@ -1,11 +1,20 @@
#!/usr/bin/nft #!/usr/bin/nft
flush ruleset flush ruleset
define SSH_PORT1 = 22
define SSH_PORT2 = 8022
table ip filter { table ip filter {
set allowed_tcp_ports {
type inet_service;
flags constant;
elements = { $SSH_PORT1, $SSH_PORT2 };
}
chain in { chain in {
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
ct state invalid drop; ct state invalid drop;
ct state {related,established} accept; ct state {related,established} accept;
tcp dport @allowed_tcp_ports accept;
} }
chain forward { chain forward {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;