X-Git-Url: https://plomlompom.com/repos/foo.html?a=blobdiff_plain;ds=sidebyside;f=bookworm%2Fetc_files%2Fweb%2Fetc%2Fnftables.conf;fp=bookworm%2Fetc_files%2Fweb%2Fetc%2Fnftables.conf;h=ec6732ad60e64598bc0f0c58e1e6f34a9c18fed7;hb=b2689a62b11cf9a4423ac51af582a12a17a781a0;hp=0000000000000000000000000000000000000000;hpb=d286a9a87d1cf888716bb7e36f7cbc052e75ff31;p=config
diff --git a/bookworm/etc_files/web/etc/nftables.conf b/bookworm/etc_files/web/etc/nftables.conf
new file mode 100755
index 0000000..ec6732a
--- /dev/null
+++ b/bookworm/etc_files/web/etc/nftables.conf
@@ -0,0 +1,22 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 80 accept comment "accept HTTP on default port"
+ tcp dport 443 accept comment "accept HTTPS on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
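Review bot: The ICMP rule on the `ip protocol icmp icmp type echo-request accept` line admits only IPv4 echo-request, so in this `inet` table with `policy drop` on input all ICMPv6 is dropped, including neighbour discovery, which conntrack does not classify as related; if IPv6 is configured on the interface, which this file does not show, the host loses IPv6 connectivity. A companion rule such as `meta l4proto ipv6-icmp icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept comment "accept ICMPv6 needed for IPv6"` placed next to the existing ICMP line would cover that case. A comment in the file stating whether the host is IPv4-only would make the omission deliberate rather than accidental for the next maintainer.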