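#!/usr/bin/nft -f

## This is a basic workstation configuration based on
## https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_workstation
##
## Inbound traffic is default-deny for both IPv4 and IPv6. Only loopback,
## replies to connections this host opened, and SSH on port 22 are accepted.

# Start from an empty ruleset so reloading this file is repeatable.
# Everything that should be filtered must therefore be declared below.
flush ruleset

table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # accept any localhost traffic
        iif lo accept

        # accept traffic originated from us
        ct state established,related accept

        # drop packets conntrack cannot match to a valid connection before
        # they reach the service rules below
        ct state invalid drop

        # accept ssh logins via port 22
        # NOTE: this matches any source address. If sshd is only meant to be
        # reachable from a management network, add an "ip saddr" match here.
        tcp dport 22 accept comment "Accept SSH on port 22"
    }
}

# The "ip" family only sees IPv4. Without this table, IPv6 input would be
# left completely unfiltered once the ruleset has been flushed.
table ip6 filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # accept any localhost traffic
        iif lo accept

        # accept traffic originated from us
        ct state established,related accept

        # accept neighbour discovery, otherwise IPv6 connectivity breaks;
        # kept ahead of the invalid-state drop so it is never caught by it
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept

        # drop packets conntrack cannot match to a valid connection
        ct state invalid drop

        # accept ssh logins via port 22 (same exposure caveat as the IPv4 rule)
        tcp dport 22 accept comment "Accept SSH on port 22"
    }
}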