Version vom 14. Januar 2024, 07:03 Uhr

Simple IPv4 Firwall

table ip filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state established,related accept
		ct state new iif "ens4" tcp dport 22 accept
		ct state new iif "ens5" accept
		ct state new iifname "lo" accept
		log prefix "--nftables-drop-input--"
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		ct state established,related accept
		ct state new iif "ens5" oif "ens4" accept
		log prefix "--nftables-drop-forward--"
	}

	chain output {
		type filter hook output priority filter; policy drop;
		ct state established,related accept
		ct state new accept
		log prefix "--nftables-drop-output--"
	}
}
table ip nat {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		oif "ens4" masquerade
	}
}

Simple Dual Stack Firewall

table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state established,related accept
		ct state new iif "ens4" tcp dport 22 accept
		ct state new iif "ens5" accept
		ct state new iifname "lo" accept
		ct state new icmp type echo-request accept
		ip6 nexthdr ipv6-icmp accept
		log prefix "--nftables-drop-input--"
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		ct state established,related accept
		ct state new iif "ens5" oif "ens4" accept
		ct state new iif "ens4" oif "ens5" ip6 daddr 2a02:24d8:71:2445::102 tcp dport 80 accept
		log prefix "--nftables-drop-forward--"
	}

	chain output {
		type filter hook output priority filter; policy drop;
		ct state established,related accept
		ip6 nexthdr ipv6-icmp accept
		ct state new accept
		log prefix "--nftables-drop-output--"
	}
}
table ip nat {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		oif "ens4" masquerade
	}
}

IPv6 Firewall Router: Unterschied zwischen den Versionen

Version vom 14. Januar 2024, 07:03 Uhr

Simple IPv4 Firwall

Simple Dual Stack Firewall

Navigationsmenü

Suche