|
@@ -1,5 +1,7 @@
|
|
|
flush ruleset
|
|
flush ruleset
|
|
|
|
|
|
|
|
|
|
+# @link: https://fishilico.github.io/generic-config/etc/nftables-server.conf.raw.html
|
|
|
|
|
+
|
|
|
table inet firewall {
|
|
table inet firewall {
|
|
|
|
|
|
|
|
# allow all outbound traffic
|
|
# allow all outbound traffic
|
|
@@ -31,6 +33,11 @@ table inet firewall {
|
|
|
# Jump to chain according to layer 3 protocol using a verdict map
|
|
# Jump to chain according to layer 3 protocol using a verdict map
|
|
|
meta protocol vmap { ip: jump inbound_ipv4, ip6: jump inbound_ipv6 }
|
|
meta protocol vmap { ip: jump inbound_ipv4, ip6: jump inbound_ipv6 }
|
|
|
|
|
|
|
|
|
|
+ # silence some noisy crap
|
|
|
|
|
+ meta pkttype broadcast counter drop comment "silently drop unsollicited broadcast"
|
|
|
|
|
+ meta pkttype multicast counter drop comment "silently drop unsollicited multicast"
|
|
|
|
|
+ ip daddr 255.255.255.255/32 counter drop comment "really drop unsollicited IPv4 broadcast"
|
|
|
|
|
+
|
|
|
# allow http and https traffic
|
|
# allow http and https traffic
|
|
|
tcp dport { 80, 443 } accept
|
|
tcp dport { 80, 443 } accept
|
|
|
|
|
|
