sonny/sentry
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Try different firewall rules

Browse source
This commit is contained in:
Sonny Bakker 2021-02-02 21:49:03 +01:00
parent 1c962d6eb0
commit 58d2528c40
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
templates/nftables.j2
View file

@ -6,7 +6,7 @@
flush ruleset flush ruleset
table inet filter { table inet filter {
chain INPUT { chain input {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop;
# accept any localhost traffic # accept any localhost traffic
@ -18,7 +18,7 @@ table inet filter {
tcp dport { 22, 80, 443 } accept tcp dport { 22, 80, 443 } accept
} }
chain FORWARD { chain forward {
type filter hook forward priority 0; policy drop; type filter hook forward priority 0; policy drop;
ct state { established, related } accept; ct state { established, related } accept;
@ -27,7 +27,7 @@ table inet filter {
} }
table ip filter { table ip filter {
chain DOCKER-USER { chain DOCKER {
mark set 1 mark set 1
} }
} }