API tools faq
paste
Guest User

nftables.conf (router advertisments working)

a guest
May 24th, 2021
350
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.01 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/sbin/nft -f
  2.  
  3. flush ruleset
  4.  
  5. define allow_ip4s = {
  6. 192.168.12.18
  7. }
  8.  
  9. define allow_ip6s = {
  10. 2001:db8:0::/48
  11. }
  12.  
  13. table inet filter {
  14. chain input {
  15. type filter hook input priority 0; policy drop;
  16. ct state established,related accept
  17. ct state invalid drop
  18.  
  19. # loopback interface
  20. iifname lo accept
  21.  
  22. tcp dport 80 ip saddr $allow_ip4s accept
  23. tcp dport 80 ip6 saddr $allow_ip6s accept
  24.  
  25. icmpv6 type {echo-request,nd-neighbor-solicit,nd-router-solicit,mld-listener-query,nd-neighbor-advert,nd-router-advert} accept
  26.  
  27. tcp dport 22 accept
  28. }
  29. chain forward {
  30. type filter hook forward priority 0; policy drop;
  31. }
  32. chain output {
  33. type filter hook output priority 0; policy accept;
  34. }
  35. }
  36.  
  37. table ip nat {
  38. chain prerouting {
  39. type nat hook prerouting priority -100; policy accept;
  40. }
  41.  
  42. chain postrouting {
  43. type nat hook postrouting priority 100; policy accept;
  44. oifname "enp0s3" masquerade
  45. }
  46. }
  47.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!