X-Git-Url: https://plomlompom.com/repos/?a=blobdiff_plain;ds=sidebyside;f=bullseye%2Fetc_files%2Fweb%2Fetc%2Fnftables.conf;fp=bullseye%2Fetc_files%2Fweb%2Fetc%2Fnftables.conf;h=ec6732ad60e64598bc0f0c58e1e6f34a9c18fed7;hb=6c7e3825ec99b00c3f9d68df8d16b8d68aac6229;hp=0000000000000000000000000000000000000000;hpb=4dde5c94f615de46319726e7a32328b94c7880a2;p=config
diff --git a/bullseye/etc_files/web/etc/nftables.conf b/bullseye/etc_files/web/etc/nftables.conf
new file mode 100755
index 0000000..ec6732a
--- /dev/null
+++ b/bullseye/etc_files/web/etc/nftables.conf
@@ -0,0 +1,22 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 80 accept comment "accept HTTP on default port"
+ tcp dport 443 accept comment "accept HTTPS on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
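Review bot: The `inet` table applies `policy drop` to IPv6 as well, but the only ICMP rule in `chain input` (`ip protocol icmp icmp type echo-request accept`) matches IPv4, so ICMPv6 neighbour discovery is never accepted. Those packets are generally not covered by the `established, related` rule, so if this host has or later gets an IPv6 address, loading the ruleset would likely leave it unreachable over IPv6 even on ports 22, 80 and 443. Adding a line such as `icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept comment "accept ICMPv6 ping and neighbour discovery"` next to the IPv4 rule would close the gap. Separately, `tcp dport 22 accept` admits SSH from any source with no rate limit; if that is intentional, a comment stating where brute-force protection is handled would help the next reader.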