celso
/
homemade_firewall
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allowed icmp traffic

This commit is contained in:
celso 2024-12-13 03:14:52 -03:00
parent 211b1c0ce1
commit 35714944e5
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
filter.nft
View File

@ -30,6 +30,7 @@ table ip filter {
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
ct state vmap { invalid : drop, related : accept, established : accept }; ct state vmap { invalid : drop, related : accept, established : accept };
iifname "lo" accept; iifname "lo" accept;
icmp type echo-request accept;
tcp dport @allowed_tcp_ports accept; tcp dport @allowed_tcp_ports accept;
udp dport @allowed_udp_ports_in accept; udp dport @allowed_udp_ports_in accept;
} }
@ -39,14 +40,15 @@ table ip filter {
comment "this routes vpn traffic"; comment "this routes vpn traffic";
ct state related,established accept; ct state related,established accept;
iifname "tun0" oifname "eth0" accept; iifname "tun0" oifname "eth0" accept;
} }
chain out { chain out {
type filter hook output priority filter; policy drop; type filter hook output priority filter; policy drop;
udp dport @allowed_udp_ports_out accept; udp dport @allowed_udp_ports_out accept;
oifname "lo" accept; oifname "lo" accept;
icmp type echo-reply accept;
} }
} }
include "./nat.nft" include "./nat.nft"