diff --git a/defines.nft b/defines.nft
index 10cfc0d..75853f2 100644
--- a/defines.nft
+++ b/defines.nft
@@ -1,6 +1,12 @@
-# services
+# TCP only services
 define SSH_PORT1 = 22
 define SSH_PORT2 = 8022
+define HTTP_PORT = 80
+define HTTPS_PORT = 443
+
+# TCP and UDP services (needs to go in both sets)
 define DNS_PORT = 53
+
+# UDP only services
 define DHCP_IN_PORT = 67
 define DHCP_OUT_PORT = 68
diff --git a/filter.nft b/filter.nft
index aa538ce..7cdcd6a 100644
--- a/filter.nft
+++ b/filter.nft
@@ -7,7 +7,7 @@ table ip filter {
 set allowed_tcp_ports {
 type inet_service;
 flags constant;
- elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT };
+ elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT };
 }
 set allowed_udp_ports_in {
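Review bot: The new `# TCP only services` / `# UDP only services` headings in defines.nft are advisory only — nothing ties a `define` to the set that consumes it, so a port added here is silently a no-op until it is also listed in the matching `allowed_*_ports` set, and the "needs to go in both sets" reminder on DNS_PORT is the only place that is stated. I would say it once at the top of the file instead: `# Port constants consumed by the allowed_*_ports sets in filter.nft; a define here does nothing until it is added to the matching TCP and/or UDP set.` The "TCP only" label on HTTPS_PORT is also only true while no HTTP/3 (QUIC, UDP 443) is served; if that is a possibility, a caveat such as `# HTTPS_PORT: also add to the UDP set if HTTP/3 is ever enabled` next to the define would prevent a confusing partial exposure later. Since 80 and 443 are being opened inbound, it is worth confirming in the commit message which listener is behind them; the filter.nft hunk that wires them in runs past the end of this view, so I could not check the chain it feeds.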