Vorlage:Input-output.conf: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (4 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| − | + | <pre> | |
| − | |||
chain input { | chain input { | ||
| − | + | type filter hook input priority filter; policy drop; | |
ct state established,related accept | ct state established,related accept | ||
ct state new iif "lo" accept | ct state new iif "lo" accept | ||
| − | ct state new iif | + | ct state new iif $DMZDEV ip saddr $DMZ tcp dport 22 accept |
| − | ct state new iif | + | ct state new iif $LANDEV ip saddr $LAN tcp dport 22 accept |
| − | ct state new iif | + | ct state new iif $SERVERDEV ip saddr $SERVER tcp dport 22 accept |
| − | ct state new iif | + | ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept |
ct state new icmp type echo-request accept | ct state new icmp type echo-request accept | ||
log prefix " --nftables-drop-input-- " | log prefix " --nftables-drop-input-- " | ||
| Zeile 20: | Zeile 19: | ||
log prefix " --nftables-drop-output-- " | log prefix " --nftables-drop-output-- " | ||
} | } | ||
| − | + | </pre> | |
Aktuelle Version vom 8. Mai 2026, 04:51 Uhr
chain input {
type filter hook input priority filter; policy drop;
ct state established,related accept
ct state new iif "lo" accept
ct state new iif $DMZDEV ip saddr $DMZ tcp dport 22 accept
ct state new iif $LANDEV ip saddr $LAN tcp dport 22 accept
ct state new iif $SERVERDEV ip saddr $SERVER tcp dport 22 accept
ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept
ct state new icmp type echo-request accept
log prefix " --nftables-drop-input-- "
}
chain output {
type filter hook output priority filter; policy drop;
ct state established,related accept
ct state new oif "lo" accept
ct state new accept
log prefix " --nftables-drop-output-- "
}