Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Maj nftables

Browse source
This commit is contained in:
Viyurz 2023-11-29 07:32:08 +00:00
parent 07ec87f6aa
commit a37eebfd29
No known key found for this signature in database
1 changed files with 6 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
nftables.conf
View file

@ -7,26 +7,23 @@ table inet filter {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop;
iif lo accept iif lo accept
ct state established,related accept
ct state invalid drop ct state invalid drop
ct state { established, related } accept
# Allow ICMP ping # Allow ICMP ping
icmp type echo-request limit rate 1/second accept meta nfproto ipv4 icmp type echo-request limit rate 1/second accept
icmpv6 type echo-request limit rate 1/second accept meta nfproto ipv6 icmpv6 type echo-request limit rate 1/second accept
# SSH # SSH
tcp dport 995 limit rate 10/minute accept tcp dport 995 limit rate 15/minute accept
# HTTP # HTTP
tcp dport { http, https } limit rate 5/second accept tcp dport { http, https } limit rate 25/second accept
# udp dport 443 limit rate 5/second accept
} }
chain forward { chain forward {
type filter hook forward priority 0; policy accept; type filter hook forward priority 0; policy accept;
iif eth0 drop
oif eth0 drop
} }
chain output { chain output {