22 lines
486 B
Plaintext
22 lines
486 B
Plaintext
#!/usr/bin/nft -f
|
|
|
|
## This is a basic workstation configuration based on
|
|
## https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_workstation
|
|
|
|
flush ruleset
|
|
|
|
table ip filter {
|
|
chain input {
|
|
type filter hook input priority 0; policy drop;
|
|
|
|
# accept any localhost traffic
|
|
iif lo accept
|
|
|
|
# accept traffic originated from us
|
|
ct state established,related accept
|
|
|
|
# accept ssh logins via port 22
|
|
tcp dport 22 accept comment "Accept SSH on port 22"
|
|
}
|
|
}
|