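#!/usr/sbin/nft -f

# Host firewall for a DNS resolver box (unbound + its exporter), IPv4 and IPv6
# handled together in one inet table.
#
# Loaded with `nft -f`. Declaring the table before flushing it makes the load
# idempotent (the flush cannot fail on a fresh boot) and only clears the table
# managed by this file, leaving any other tables on the host untouched.
table inet filter
flush table inet filter

table inet filter {
    chain input {
        # Default deny on ingress: anything not accepted below is dropped.
        type filter hook input priority filter; policy drop;

        # Loopback first, so local clients (e.g. the exporter scraping unbound)
        # are never affected by the rules that follow.
        iifname lo accept

        # Drop conntrack-invalid packets before any accept rule can see them;
        # otherwise a malformed or out-of-window segment aimed at port 22/53
        # would still match the plain `tcp dport` rules below.
        ct state invalid drop
        ct state related,established accept

        # ICMP / ICMPv6 are accepted unconditionally (error reporting, PMTU,
        # IPv6 neighbour discovery all depend on them).
        # NOTE(review): `ip6 nexthdr icmpv6` only matches when ICMPv6 is the
        # immediate next header; `meta l4proto ipv6-icmp` would also match
        # behind IPv6 extension headers -- confirm which is intended.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Services offered to the network: SSH and DNS (TCP as well as UDP,
        # for truncated-answer fallback and large responses).
        tcp dport 22 accept
        tcp dport 53 accept
        udp dport 53 accept

        # Exporter stats endpoint, reachable from the single monitoring host only.
        # `ip saddr` inside an inet table matches IPv4 packets exclusively, so no
        # IPv6 source can ever hit this rule.
        tcp dport 9167 ip saddr 94.45.254.5 accept comment "allow monitoring access to unbound exporter stats"
    }

    chain forward {
        # This host is not a router: no new flows are forwarded, only traffic
        # belonging to already-tracked flows. The counter makes any such
        # forwarded traffic visible in `nft list ruleset`.
        type filter hook forward priority filter; policy drop;
        ct state related,established counter accept
    }

    chain output {
        # No policy is given, so the nftables default (accept) applies:
        # all outbound traffic from this host is allowed.
        type filter hook output priority filter;
    }
}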