nftables-workstation.nft: set default policy to drop
author
Antonio Ospite <ao2@ao2.it>
Thu, 26 Apr 2018 13:00:09 +0000
(15:00 +0200)
committer
Antonio Ospite <ao2@ao2.it>
Thu, 26 Apr 2018 13:02:45 +0000
(15:02 +0200)
nftables-workstation.nft
diff --git
a/nftables-workstation.nft
b/nftables-workstation.nft
index
7261291
..
ecfb200
100644
(file)
--- a/
nftables-workstation.nft
+++ b/
nftables-workstation.nft
@@
-40,6
+40,7
@@
table inet filter {
chain input {
type filter hook input priority 0
chain input {
type filter hook input priority 0
+ policy drop
ct state established,related accept
ct state invalid drop
ct state established,related accept
ct state invalid drop
@@
-124,12
+125,16
@@
table inet filter {
chain forward {
type filter hook forward priority 0
chain forward {
type filter hook forward priority 0
+ policy drop
+
limit rate 3/minute burst 10 packets log prefix "[FORWARD]: "
counter reject
}
chain output {
type filter hook output priority 0
limit rate 3/minute burst 10 packets log prefix "[FORWARD]: "
counter reject
}
chain output {
type filter hook output priority 0
+ policy drop
+
counter accept
}
}
counter accept
}
}
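Review bot: Switching the input chain to `policy drop` (first hunk) changes what happens to every packet that is not `established,related` and not `invalid`, so any loopback and ICMPv6 traffic that is not explicitly accepted before the end of the chain will now be silently dropped; the rules that would accept it (an `iif lo accept` rule, and an ICMPv6 accept covering neighbour discovery so IPv6 keeps working) lie outside the hunk, so please confirm they are present above line 40 of the file. In the second hunk the new `policy drop` on `chain forward` and `chain output` is never reached, because `counter reject` and `counter accept` respectively match every remaining packet, so the policy only matters if those terminal rules are later removed; a one-line comment such as `# policy drop is defence in depth: the terminal counter rule matches everything` next to each would record that intent. The header lines are shown here without the trailing `;` that the nft grammar expects after `priority 0` and after `policy drop`, which may be an artefact of the page rendering rather than the file; worth verifying the file loads with `nft -c -f`.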