From be8d249c296e28eed2bbf380278caed7c1fe6a47 Mon Sep 17 00:00:00 2001
From: celso
Date: Thu, 12 Dec 2024 22:22:15 -0300
Subject: [PATCH] added http and https services, commented defines.nft for clarity
---
 defines.nft | 8 +++++++-
 filter.nft | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/defines.nft b/defines.nft
index 10cfc0d..75853f2 100644
--- a/defines.nft
+++ b/defines.nft
@@ -1,6 +1,12 @@
-# services
+# TCP only services
 define SSH_PORT1 = 22
 define SSH_PORT2 = 8022
+define HTTP_PORT = 80
+define HTTPS_PORT = 443
+
+# TCP and UDP services (needs to go in both sets)
 define DNS_PORT = 53
+
+# UDP only services
 define DHCP_IN_PORT = 67
 define DHCP_OUT_PORT = 68
diff --git a/filter.nft b/filter.nft
index aa538ce..7cdcd6a 100644
--- a/filter.nft
+++ b/filter.nft
@@ -7,7 +7,7 @@ table ip filter {
 set allowed_tcp_ports {
 type inet_service;
 flags constant;
- elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT };
+ elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT };
 }
 set allowed_udp_ports_in {
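Review bot: The new comment `# TCP and UDP services (needs to go in both sets)` does not name the sets it refers to, and this patch only shows `allowed_tcp_ports` and `allowed_udp_ports_in` in filter.nft. Naming them makes the instruction checkable when a port is added later, for example `# TCP and UDP services (add to allowed_tcp_ports and to the UDP port sets in filter.nft)`. If there is also an outbound UDP set, which the `DHCP_OUT_PORT` define suggests but the patch does not show, the comment should say whether it is included.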
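Review bot: Adding `$HTTP_PORT` and `$HTTPS_PORT` to `allowed_tcp_ports` gives ports 80 and 443 the same treatment as SSH, because one set carries every TCP port and the rule that matches it lies outside this hunk. If that rule accepts inbound traffic with no source or interface restriction, the web ports become reachable from any address; if the host only makes outbound HTTP(S) requests, they do not belong in an inbound accept set at all. The UDP side is already split by direction (`allowed_udp_ports_in`), so a matching `allowed_tcp_ports_in` / `allowed_tcp_ports_out` pair, or a separate set for the SSH ports, would let the management ports be restricted independently of the public ones. The enclosing table is `table ip filter`, which covers IPv4 only, so it is worth confirming that an equivalent policy exists for IPv6.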