Template:Input-output.conf: Difference between revisions

From Xinux Wiki
(The page was newly created: " flush ruleset table inet filter { chain input { type filter hook input priority filter; policy drop; ct state est…")
 
Line 5: Line 5:
 
                 ct state established,related accept
 
                 ct state established,related accept
 
                 ct state new iif "lo" accept
 
                 ct state new iif "lo" accept
                ct state new iif "enp0s8" ip saddr 10.88.213.0/24 tcp dport 22 accept
+
                ct state new iif "enp0s8" ip saddr 10.88.213.0/24 tcp dport 22 accept
    ct state new iif "enp0s9" ip saddr 172.26.213.0/24 tcp dport 22 accept
+
    ct state new iif "enp0s9" ip saddr 172.26.213.0/24 tcp dport 22 accept
  ct state new iif "enp0s10" ip saddr 10.213.1.0/24 tcp dport 22 accept
+
  ct state new iif "enp0s10" ip saddr 10.213.1.0/24 tcp dport 22 accept
ct state new iif "enp0s3" ip saddr 192.168.6.200 tcp dport 22 accept
+
ct state new iif "enp0s3" ip saddr 192.168.6.200 tcp dport 22 accept
 
                 ct state new icmp type echo-request accept  
 
                 ct state new icmp type echo-request accept  
 
                 log prefix " --nftables-drop-input-- "
 
                 log prefix " --nftables-drop-input-- "
        }
+
          }
 
   
 
   
     
+
          chain output {
 
        chain output {
 
 
                 type filter hook output priority filter; policy drop;
 
                 type filter hook output priority filter; policy drop;
 
                 ct state established,related accept
 
                 ct state established,related accept
 
                 ct state new oif "lo" accept
 
                 ct state new oif "lo" accept
 
                 ct state new accept
 
                 ct state new accept
                log prefix " --nftables-drop-output-- "
+
                log prefix " --nftables-drop-output-- "
        }
+
          }
 
  }
 
  }
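
Review bot: in `chain output`, `ct state new accept` accepts every new outbound connection, so `policy drop` and the `--nftables-drop-output--` log rule are reached only by packets that are neither new nor established/related, and the preceding `ct state new oif "lo" accept` is redundant. If egress filtering is the intent, replace the catch-all with rules for the destinations or ports that are actually needed; otherwise say in a comment that output is deliberately open. The trailing `log prefix` rules in both chains have no rate limit, so traffic hitting the dropped ports can flood the log; a `limit rate` expression before `log` would bound that. The lines marked `+` appear to change only indentation, and the four SSH rules still end up indented differently from one another.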

Revision as of 7 May 2026, 14:58

flush ruleset
table inet filter {
        chain input {
                type filter hook input priority filter; policy drop;
                # Replies to tracked connections and all loopback traffic
                ct state established,related accept
                ct state new iif "lo" accept
                # SSH (tcp/22) only from the listed source on each interface
                ct state new iif "enp0s8" ip saddr 10.88.213.0/24 tcp dport 22 accept
                ct state new iif "enp0s9" ip saddr 172.26.213.0/24 tcp dport 22 accept
                ct state new iif "enp0s10" ip saddr 10.213.1.0/24 tcp dport 22 accept
                ct state new iif "enp0s3" ip saddr 192.168.6.200 tcp dport 22 accept
                # IPv4 ping
                ct state new icmp type echo-request accept
                # Log whatever falls through to policy drop
                log prefix " --nftables-drop-input-- "
        }

        chain output {
                type filter hook output priority filter; policy drop;
                ct state established,related accept
                ct state new oif "lo" accept
                # All new outbound connections are allowed
                ct state new accept
                # Log whatever falls through to policy drop
                log prefix " --nftables-drop-output-- "
        }
}