add nftables config and deployment tasks for resolv-dns host
This commit is contained in:
parent
f9689ac665
commit
024cec9401
2 changed files with 46 additions and 0 deletions
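--- a/resources/resolv-dns/files/nftables.conf
+++ b/resources/resolv-dns/files/nftables.conf
@@ -0,0 +1,26 @@
+#!/usr/sbin/nft -f
+
+# only flush tables managed by this file
+table inet filter
+flush table inet filter
+
+table inet filter {
+chain input {
+type filter hook input priority filter; policy drop;
+ip protocol icmp accept
+ip6 nexthdr icmpv6 accept
+iifname lo accept
+ct state related,established accept
+
+tcp dport 22 accept
+tcp dport 53 accept
+udp dport 53 accept
+}
+chain forward {
+type filter hook forward priority filter; policy drop;
+ct state related,established counter accept
+}
+chain output {
+type filter hook output priority filter;
+}
+}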
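Review bot: The input chain accepts 53/tcp and 53/udp from any source (the `tcp dport 53 accept` / `udp dport 53 accept` lines), so if this host runs a recursive resolver the firewall does nothing to keep it from answering as an open resolver; if that is not intended, scope the rules to the client networks, e.g. `ip saddr { <allowed-networks> } udp dport 53 accept` (placeholder set, same for tcp). There is also no `ct state invalid drop` ahead of the port accepts, so invalid-state segments to an accepted port are let through rather than discarded; `ct state invalid drop` right after the loopback rule is the usual shape. `ip6 nexthdr icmpv6` only matches when ICMPv6 directly follows the IPv6 header, so packets carrying extension headers fall through to the drop policy; `meta l4proto icmpv6 accept` matches the transport protocol regardless. The output chain declares no policy, which means accept; spelling out `policy accept;` records that as a deliberate choice rather than an omission.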