From a37eebfd293c9236677cf41e293988d79634ad3e Mon Sep 17 00:00:00 2001
From: Viyurz <128215328+Viyurz@users.noreply.github.com>
Date: Wed, 29 Nov 2023 07:32:08 +0000
Subject: [PATCH] Maj nftables

---
 nftables.conf | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/nftables.conf b/nftables.conf
index 56fcb0a..5cbfc21 100755
--- a/nftables.conf
+++ b/nftables.conf
@@ -7,26 +7,23 @@ table inet filter {
 type filter hook input priority 0; policy drop;
 iif lo accept
-ct state established,related accept
+ct state invalid drop
+ct state { established, related } accept
 # Allow ICMP ping
-icmp type echo-request limit rate 1/second accept
-icmpv6 type echo-request limit rate 1/second accept
+meta nfproto ipv4 icmp type echo-request limit rate 1/second accept
+meta nfproto ipv6 icmpv6 type echo-request limit rate 1/second accept
 # SSH
-tcp dport 995 limit rate 10/minute accept
+tcp dport 995 limit rate 15/minute accept
 # HTTP
-tcp dport { http, https } limit rate 5/second accept
-# udp dport 443 limit rate 5/second accept
+tcp dport { http, https } limit rate 25/second accept
 }
 chain forward {
 type filter hook forward priority 0; policy accept;
-
-iif eth0 drop
-oif eth0 drop
 }
 chain output {