Vorlage:Input.conf: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 9: | Zeile 9: | ||
ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept | ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept | ||
ct state new icmp type echo-request accept | ct state new icmp type echo-request accept | ||
| + | ct state new iif $LANDEV udp dport 67 accept | ||
log prefix " --nftables-drop-input-- " | log prefix " --nftables-drop-input-- " | ||
} | } | ||
</pre> | </pre> | ||
Aktuelle Version vom 22. Mai 2026, 09:23 Uhr
chain input {
type filter hook input priority filter; policy drop;
ct state established,related accept
ct state new iif "lo" accept
ct state new iif $DMZDEV ip saddr $DMZ tcp dport 22 accept
ct state new iif $LANDEV ip saddr $LAN tcp dport 22 accept
ct state new iif $SERVERDEV ip saddr $SERVER tcp dport 22 accept
ct state new iif $WANDEV ip saddr $HOST tcp dport 22 accept
ct state new icmp type echo-request accept
ct state new iif $LANDEV udp dport 67 accept
log prefix " --nftables-drop-input-- "
}