Vorlage:Input-output.conf: Difference between revisions
| Zeile 1: | Zeile 1: | ||
| + | <pre> | ||
flush ruleset | flush ruleset | ||
table inet filter { | table inet filter { | ||
| Zeile 21: | Zeile 22: | ||
} | } | ||
} | } | ||
| + | </pre> | ||
Revision as of 7 May 2026, 14:59
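flush ruleset
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        # Allow packets that belong to connections already tracked
        ct state established,related accept
        ct state new iif "lo" accept
        # SSH (tcp/22) only from the listed source range or host on each interface
        ct state new iif "enp0s8" ip saddr 10.88.213.0/24 tcp dport 22 accept
        ct state new iif "enp0s9" ip saddr 172.26.213.0/24 tcp dport 22 accept
        ct state new iif "enp0s10" ip saddr 10.213.1.0/24 tcp dport 22 accept
        ct state new iif "enp0s3" ip saddr 192.168.6.200 tcp dport 22 accept
        # IPv4 echo requests only; this inet table contains no ICMPv6 rule
        ct state new icmp type echo-request accept
        # Log whatever reaches the end of the chain before the drop policy applies
        log prefix " --nftables-drop-input-- "
    }
    chain output {
        type filter hook output priority filter; policy drop;
        ct state established,related accept
        ct state new oif "lo" accept
        # Every new outbound connection is accepted; only packets in other
        # states (for example invalid) reach the log rule and the drop policy
        ct state new accept
        log prefix " --nftables-drop-output-- "
    }
}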