projects / config / nftables.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nftables-workstation.nft: set default policy to drop
[config/nftables.git] / nftables-workstation.nft
diff --git a/nftables-workstation.nft b/nftables-workstation.nft
index 7261291..ecfb200 100644 (file)
--- a/nftables-workstation.nft
+++ b/nftables-workstation.nft
@@ -40,6 +40,7 @@ table inet filter {
 
     chain input {
         type filter hook input priority 0
+        policy drop
 
         ct state established,related accept
         ct state invalid drop
@@ -124,12 +125,16 @@ table inet filter {
 
     chain forward {
         type filter hook forward priority 0
+        policy drop
+
         limit rate 3/minute burst 10 packets log prefix "[FORWARD]: "
         counter reject
     }
 
     chain output {
         type filter hook output priority 0
+        policy drop
+
         counter accept
     }
 }
Configuration files for the nftables linux packet filtering framework