Vorlage:Input-output.conf: Difference between revisions
(Page created: " flush ruleset table inet filter { chain input { type filter hook input priority filter; policy drop; ct state est…")
(5 intermediate revisions by the same user not shown)
Line 1: | Line 1:
| − | + | <pre> | |
| − | |||
chain input { | chain input { | ||
| − | + | type filter hook input priority filter; policy drop; | |
ct state established,related accept | ct state established,related accept | ||
ct state new iif "lo" accept | ct state new iif "lo" accept | ||
| − | + | ct state new iif $DMZDEV ip saddr $DMZ tcp dport 22 accept | |
| − | + | ct state new iif $LANDEV ip saddr $LAN tcp dport 22 accept | |
| − | + | ct state new iif $SERVERDEV ip saddr $SERVER tcp dport 22 accept | |
| − | + | ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept | |
ct state new icmp type echo-request accept | ct state new icmp type echo-request accept | ||
log prefix " --nftables-drop-input-- " | log prefix " --nftables-drop-input-- " | ||
| − | + | } | |
| − | + | chain output { | |
| − | |||
| − | |||
type filter hook output priority filter; policy drop; | type filter hook output priority filter; policy drop; | ||
ct state established,related accept | ct state established,related accept | ||
ct state new oif "lo" accept | ct state new oif "lo" accept | ||
ct state new accept | ct state new accept | ||
| − | + | log prefix " --nftables-drop-output-- " | |
| − | + | } | |
| − | + | </pre> | |
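Review bot: the `log prefix " --nftables-drop-input-- "` rule added at the end of `chain input` has no rate limit, so every packet that reaches it on $WANDEV produces a kernel log line; consider `limit rate 5/minute burst 5 packets log prefix " --nftables-drop-input-- "` (and the same for the output chain) so a burst of unsolicited traffic cannot fill the log. Two smaller points: in `chain output`, `ct state new accept` accepts every new outbound connection, which makes the preceding `ct state new oif "lo" accept` redundant and leaves `policy drop` catching only `invalid` traffic, so either drop the `lo` rule or narrow the catch-all if outbound filtering is intended; and the `flush ruleset` / `table inet filter {` wrapper named in the creation summary is gone from this revision, so the template now only works when included inside a table that also defines $DMZDEV, $DMZ, $LANDEV, $LAN, $SERVERDEV, $SERVER, $WANDEV and $HOST.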
Current revision as of 8 May 2026, 04:51
chain input {
    type filter hook input priority filter; policy drop;
    ct state established,related accept
    ct state new iif "lo" accept
    # SSH only from the expected source network on each interface
    ct state new iif $DMZDEV ip saddr $DMZ tcp dport 22 accept
    ct state new iif $LANDEV ip saddr $LAN tcp dport 22 accept
    ct state new iif $SERVERDEV ip saddr $SERVER tcp dport 22 accept
    ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept
    ct state new icmp type echo-request accept
    # log has no verdict: packets reaching it are logged, then fall to the chain policy (drop)
    log prefix " --nftables-drop-input-- "
}
chain output {
    type filter hook output priority filter; policy drop;
    ct state established,related accept
    ct state new oif "lo" accept
    ct state new accept
    # only packets outside new/established/related (i.e. invalid) reach this point
    log prefix " --nftables-drop-output-- "
}
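To check what the input chain above actually lets through, here is an added example (not part of the wiki template or its ruleset): a small Python model of nftables first-match evaluation applied to that chain. It assumes placeholder values for $DMZDEV, $DMZ, $LANDEV, $LAN, $SERVERDEV, $SERVER, $WANDEV and $HOST, which the template leaves to the including ruleset, and it models the two behaviours worth knowing here: `log` has no verdict, so a logged packet continues to the chain policy, and `ip saddr` in an `inet` table matches IPv4 only, so an IPv6 source never matches the SSH rules.

```python
# Added example, not part of the wiki page or its ruleset: a minimal model of
# nftables first-match evaluation, applied to the input chain above, to show
# which packets it accepts, which it logs and which fall through to `policy drop`.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

# The template leaves $DMZDEV, $DMZ, ... to the including ruleset (nft `define`).
# These values are constructed placeholders for this example only.
VARS = {
    "DMZDEV": "eth1", "DMZ": "192.0.2.0/24",
    "LANDEV": "eth2", "LAN": "10.0.0.0/24",
    "SERVERDEV": "eth3", "SERVER": "10.1.0.0/24",
    "WANDEV": "eth0", "HOST": "198.51.100.7/32",
}


@dataclass
class Packet:
    iif: str
    saddr: str
    state: str              # ct state: new, established, related or invalid
    proto: str = "tcp"      # tcp, udp or icmp
    dport: int = 0
    icmp_type: str = ""


@dataclass
class Rule:
    text: str
    match: Callable[[Packet], bool]
    verdict: Optional[str]  # None: statement only (log), evaluation continues
    log: bool = False


def ssh_from(devvar: str, netvar: str) -> Callable[[Packet], bool]:
    """Match `ct state new iif $DEV ip saddr $NET tcp dport 22`.
    `ip saddr` in an inet table matches IPv4 only; ipaddress's `in` test
    returns False for an IPv6 source against an IPv4 network, mirroring that."""
    net = ip_network(VARS[netvar])
    return lambda p: (p.state == "new" and p.iif == VARS[devvar]
                      and ip_address(p.saddr) in net
                      and p.proto == "tcp" and p.dport == 22)


INPUT_CHAIN: List[Rule] = [
    Rule("ct state established,related accept",
         lambda p: p.state in ("established", "related"), "accept"),
    Rule('ct state new iif "lo" accept',
         lambda p: p.state == "new" and p.iif == "lo", "accept"),
    Rule("ct state new iif $DMZDEV ip saddr $DMZ tcp dport 22 accept",
         ssh_from("DMZDEV", "DMZ"), "accept"),
    Rule("ct state new iif $LANDEV ip saddr $LAN tcp dport 22 accept",
         ssh_from("LANDEV", "LAN"), "accept"),
    Rule("ct state new iif $SERVERDEV ip saddr $SERVER tcp dport 22 accept",
         ssh_from("SERVERDEV", "SERVER"), "accept"),
    Rule("ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept",
         ssh_from("WANDEV", "HOST"), "accept"),
    Rule("ct state new icmp type echo-request accept",
         lambda p: p.state == "new" and p.proto == "icmp"
         and p.icmp_type == "echo-request", "accept"),
    Rule('log prefix " --nftables-drop-input-- "',
         lambda p: True, None, log=True),
]
INPUT_POLICY = "drop"


def evaluate(chain: List[Rule], packet: Packet,
             policy: str = INPUT_POLICY) -> Tuple[str, bool, str]:
    """Walk the chain top to bottom. The first matching rule with a verdict
    ends evaluation; a statement-only rule such as `log` fires and falls
    through; a packet that reaches the end takes the chain policy."""
    logged = False
    for rule in chain:
        if not rule.match(packet):
            continue
        if rule.verdict is None:
            logged = logged or rule.log
            continue
        return rule.verdict, logged, rule.text
    return policy, logged, f"policy {policy}"


if __name__ == "__main__":
    # Constructed sample packets.
    samples = [
        Packet("eth0", "198.51.100.7", "new", dport=22),   # admin host via WAN
        Packet("eth0", "203.0.113.9", "new", dport=22),    # any other WAN source
        Packet("eth2", "10.0.0.5", "new", dport=22),       # LAN SSH
        Packet("eth2", "10.0.0.5", "new", dport=80),       # LAN HTTP: not opened
        Packet("eth0", "203.0.113.9", "established", dport=443),
        Packet("eth0", "203.0.113.9", "new", proto="icmp", icmp_type="echo-request"),
        Packet("eth2", "2001:db8::5", "new", dport=22),    # IPv6 source on LAN
    ]
    for p in samples:
        print(f"{p.iif:5} {p.saddr:15} {p.state:12} -> {evaluate(INPUT_CHAIN, p)}")
```

Run it as a script to see the verdict, whether the log rule fired, and the matching rule for each constructed packet. The two cases practitioners tend to be surprised by are the last two samples: a new connection to a port the chain does not open is logged first and only then dropped by the policy, and an IPv6 SSH client on $LANDEV is dropped because the rules match on `ip saddr` only, so an IPv6 deployment needs matching `ip6 saddr` rules.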