
feat(firewall): refactor policies
guillaumededrie committed Nov 12, 2024
1 parent 9ffb681 commit dff4d20
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions files/etc_nftables.conf.j2
Expand Up @@ -29,7 +29,7 @@ table inet firewall {
# DHCP restrictions
ip6 saddr fe80::/10 udp sport 547 udp dport 546 accept comment "Accept DHCPv6 replies from IPv6 link-local addresses"

log prefix "[nftables] Input Denied: " counter drop
log prefix "[nftables] Input Denied: " counter
}

chain forward {
Expand All @@ -43,7 +43,7 @@ table inet firewall {

chain output {
type filter hook output priority filter;
policy accept;
policy drop;

oif lo accept

Expand Down Expand Up @@ -75,7 +75,7 @@ table inet firewall {
ip daddr 203.0.113.1 udp dport 12345 counter accept comment "Allow Tailscale…"
ip daddr @LANv4 udp dport { 1900, 5351 } counter accept comment "Allow Tailscale UPnP and PCP"

log prefix "[nftables] Output Denied: " counter reject
log prefix "[nftables] Output Denied: " counter
}


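Review bot: In the output chain the terminal rule loses its `reject` verdict while the chain policy changes from `accept` to `drop`, so denied egress switches from an immediate reject to a silent drop; local processes that previously received an error straight away will now sit until a timeout, which is a behaviour change worth stating in the commit message or a comment rather than treating as a pure refactor. The first hunk makes the analogous change for the input chain (`counter drop` → `counter`), so denied input now relies entirely on that chain's `policy` line, which sits above the hunk and is not visible here — it should be confirmed to be `drop` before this merges. A comment on each terminal log rule, e.g. `# final rule: log and fall through to the chain policy (drop)`, would make that dependency on the policy explicit to the next editor. The opening lines of both the input and output chains are outside the shown hunks.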

