allowed icmp traffic

celso 2024-12-13 03:14:52 -03:00
parent 211b1c0ce1
commit 35714944e5
1 changed files with 3 additions and 1 deletions


@ -30,6 +30,7 @@ table ip filter {
type filter hook input priority filter; policy drop;
ct state vmap { invalid : drop, related : accept, established : accept };
iifname "lo" accept;
icmp type echo-request accept;
tcp dport @allowed_tcp_ports accept;
udp dport @allowed_udp_ports_in accept;
}
@ -39,14 +40,15 @@ table ip filter {
comment "this routes vpn traffic";
ct state related,established accept;
iifname "tun0" oifname "eth0" accept;
}
chain out {
type filter hook output priority filter; policy drop;
udp dport @allowed_udp_ports_out accept;
oifname "lo" accept;
icmp type echo-reply accept;
}
}
include "./nat.nft"
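Review bot: The `icmp type echo-request accept;` rule in the input chain accepts pings at any rate, so a remote host can drive ICMP processing and reply traffic without bound. A rate limit keeps reachability checks working while capping that load, e.g. `icmp type echo-request limit rate 5/second accept;` (the figure is illustrative; size it to your monitoring). In the `out` chain, `icmp type echo-reply accept;` matches on type alone, so unsolicited echo-replies may also leave the host. Because conntrack tracks echo exchanges, `ct state established,related accept;` there would permit only replies to pings the input chain accepted. Which lines are new is inferred from the commit title, since the +/- markers are not shown on this page.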