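#!/usr/bin/nft -f
# Default-deny IPv4 baseline ruleset.
#
# The interpreter line needs "-f": without it nft treats the script path as a
# command string instead of a file to load, so the script cannot be run directly.
#
# As written, this ruleset lets no new IPv4 traffic in and no IPv4 traffic out.
# Accept rules (loopback, management access, DNS, ...) have to be added to the
# chains below before the host is usable. Loading it over a remote session cuts
# that session, because replies are dropped in `out`.

# Remove every table of every family that is currently loaded, so the result
# does not depend on earlier state.
flush ruleset

# NOTE(review): family "ip" matches IPv4 only. After the flush above, no ip6 or
# inet table is left, so IPv6 is unfiltered unless another file loads rules for
# it. Consider an `inet` table, or a matching `ip6` table, if IPv6 is enabled on
# this host.
table ip filter {
	chain in {
		type filter hook input priority filter; policy drop;

		# Packets conntrack cannot associate with a valid flow.
		ct state invalid drop

		# Traffic belonging to, or related to, an already tracked connection.
		ct state { established, related } accept

		# Everything else falls through to the drop policy. There is no
		# loopback accept (`iif lo accept`) and no rule admitting new
		# connections.
	}

	chain forward {
		# No rules: this host does not route IPv4 packets.
		type filter hook forward priority filter; policy drop;
	}

	chain out {
		# No rules: every locally generated IPv4 packet is dropped, replies
		# included, so the established/related accept in `in` has nothing to
		# match until this chain gets accept rules.
		type filter hook output priority filter; policy drop;
	}
}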