Nft-3

From Xinux Wiki
Revision as of 13 September 2022, 17:14 by Thomas.will (page newly created)
table ip filter {
	chain INPUT {
		# Default deny for traffic addressed to this host
		type filter hook input priority filter; policy drop;
		# Replies belonging to connections that are already tracked
		ct state established,related counter packets 23 bytes 1672 accept
		# New connections: loopback, SSH (tcp/22) and ping only
		iifname "lo" ct state new counter packets 0 bytes 0 accept
		tcp dport 22 ct state new counter packets 0 bytes 0 accept
		icmp type echo-request ct state new counter packets 0 bytes 0 accept
		# Everything else is counted and logged, then dropped by the chain policy
		counter packets 2 bytes 493 log prefix "--iptables-drop-in--"
	}

	chain OUTPUT {
		type filter hook output priority filter; policy drop;
		ct state established,related counter packets 12 bytes 1664 accept
		# All new outbound connections are allowed
		ct state new counter packets 0 bytes 0 accept
		# Only packets in neither state above (e.g. ct state invalid) reach the log rule
		counter packets 0 bytes 0 log prefix "--iptables-drop-out--"
	}

	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		ct state established,related counter packets 0 bytes 0 accept
		# From 10.82.243.0/24, entering on ens19 and leaving on eth0: ping and DNS (tcp/udp 53) only
		iifname "ens19" oifname "eth0" ip saddr 10.82.243.0/24 icmp type echo-request ct state new counter packets 0 bytes 0 accept
		iifname "ens19" oifname "eth0" ip saddr 10.82.243.0/24 tcp dport 53 ct state new counter packets 0 bytes 0 accept
		iifname "ens19" oifname "eth0" ip saddr 10.82.243.0/24 udp dport 53 ct state new counter packets 0 bytes 0 accept
		# All other forwarded traffic is counted and logged, then dropped by the chain policy
		counter packets 0 bytes 0 log prefix "--iptables-drop-for--"
	}
}