nox/resources/resolv-dns/files/nftables.conf


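#!/usr/sbin/nft -f
# Declare the table before flushing it so the file is idempotent and only
# the ruleset this file owns is reset; tables loaded from other files are
# left untouched.
table inet filter
flush table inet filter

table inet filter {
	chain input {
		# default-deny: anything not explicitly accepted below is dropped
		type filter hook input priority filter; policy drop;

		# loopback is always accepted
		iifname lo accept

		# conntrack first: discard packets that do not belong to any
		# tracked connection before the per-port accepts can match them,
		# then accept return traffic of connections already permitted
		ct state invalid drop
		ct state related,established accept

		# every ICMP / ICMPv6 type is accepted (not limited to echo/errors)
		ip protocol icmp accept
		ip6 nexthdr icmpv6 accept

		# new inbound connections: SSH, and DNS over both TCP and UDP
		tcp dport 22 accept
		tcp dport 53 accept
		udp dport 53 accept
	}

	chain forward {
		# forwarded traffic is denied except for reply traffic of flows
		# that conntrack already knows; the counter exposes how much
		# transits the host
		type filter hook forward priority filter; policy drop;
		ct state related,established counter accept
	}

	chain output {
		# no policy is given, so the chain default (accept) applies and
		# all outbound traffic from this host is allowed
		type filter hook output priority filter;
	}
}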