API tools faq
paste
Advertisement
Guest User

pengu - nftables

a guest
Oct 20th, 2019
277
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.58 KB | None | 0 0
raw download clone embed print report
  1. https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Ip
  2. #Simple IP/IPv6 Firewall
  3.  
  4.  
  5. #!/usr/sbin/nft -f
  6.  
  7. flush ruleset
  8.  
  9. table inet filter {
  10. chain incomming {
  11. type filter hook input priority 0; policy drop
  12.  
  13. # established/related connections
  14. ct state established,related accept log
  15.  
  16. # loopback interface
  17. iifname lo accept comment "accept all incomming lo" log
  18.  
  19. # icmp
  20. icmp type echo-request accept log
  21.  
  22. # open tcp ports: sshd (22), httpd (80)
  23. tcp dport {ssh, http} accept log
  24.  
  25. }
  26.  
  27. }
  28. ~
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!