diff --git a/filter.nft b/filter.nft
index 7cdcd6a..4d8d8bd 100644
--- a/filter.nft
+++ b/filter.nft
@@ -26,6 +26,7 @@ table ip filter {
 type filter hook input priority filter; policy drop;
 ct state invalid drop;
 ct state {related,established} accept;
+ iifname "lo" accept;
 tcp dport @allowed_tcp_ports accept;
 udp dport @allowed_udp_ports_in accept;
 }
@@ -36,5 +37,6 @@ table ip filter {
 chain out {
 type filter hook output priority filter; policy drop;
 udp dport @allowed_udp_ports_out accept;
+ oifname "lo" accept;
 }
 }
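Review bot: The added `iifname "lo" accept;` matches the interface by name with a string comparison on each packet; for loopback, which always exists when the ruleset is loaded, `iif "lo" accept;` matches by interface index and is the usual form. The same applies to `oifname "lo" accept;` in the second hunk, which could be `oif "lo" accept;`. The rule also sits after both `ct state` rules, so loopback traffic still depends on conntrack classification; placing it first in the chain is the common layout. A comment such as `# local loopback traffic is always allowed` would record the intent. The opening line of this input chain is outside the hunk.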
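Review bot: The `out` chain, which is fully visible in this hunk, still has no stateful rule next to the new `oifname "lo" accept;`, so under `policy drop` it accepts only loopback and `udp dport @allowed_udp_ports_out`. Replies to connections that the input chain admits through `tcp dport @allowed_tcp_ports` or `udp dport @allowed_udp_ports_in` would then appear to be dropped on the way out, unless those sets are empty or this is intended. If it is not intended, adding `ct state {related,established} accept;` to `out` keeps the default-deny posture while letting return traffic for already-accepted flows through. Otherwise a comment stating that outbound replies are deliberately blocked would help the next reader.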