Maj nftables

2023-11-29 07:32:08 +00:00 · 2023-11-29 07:32:08 +00:00 · a37eebfd29
commit a37eebfd29
parent 07ec87f6aa
1 changed files with 6 additions and 9 deletions
--- a/nftables.conf
+++ b/nftables.conf
@ -7,26 +7,23 @@ table inet filter {
 		type filter hook input priority 0; policy drop;

 		iif lo accept
-		ct state established,related accept
+		
 		ct state invalid drop
+		ct state { established, related } accept

 		# Allow ICMP ping
-		icmp type echo-request limit rate 1/second accept
-		icmpv6 type echo-request limit rate 1/second accept
+		meta nfproto ipv4 icmp type echo-request limit rate 1/second accept
+		meta nfproto ipv6 icmpv6 type echo-request limit rate 1/second accept
 				
 		# SSH
-		tcp dport 995 limit rate 10/minute accept
+		tcp dport 995 limit rate 15/minute accept

 		# HTTP
-		tcp dport { http, https } limit rate 5/second accept
-		# udp dport 443 limit rate 5/second accept
+		tcp dport { http, https } limit rate 25/second accept
 	}

 	chain forward {
 		type filter hook forward priority 0; policy accept;
-
-		iif eth0 drop
-		oif eth0 drop
 	}
 	
 	chain output {