authorArun Isaac2025-09-24 11:31:29 +0100
committerArun Isaac2025-09-24 12:14:58 +0100
commit27cf08e40e7d57e74878c58aab5f4427c8078817 (patch)
tree3a8917d26944b441fffcc089dc67e1cfdc65cd5f /steel-nftables.conf
parent0789ed7b30807095c87400b6faec173143eba802 (diff)
downloadmachines-27cf08e40e7d57e74878c58aab5f4427c8078817.tar.gz
machines-27cf08e40e7d57e74878c58aab5f4427c8078817.tar.lz
machines-27cf08e40e7d57e74878c58aab5f4427c8078817.zip
steel: Add nftables firewall.
Diffstat (limited to 'steel-nftables.conf')
-rw-r--r--steel-nftables.conf12
1 files changed, 12 insertions, 0 deletions
diff --git a/steel-nftables.conf b/steel-nftables.conf
new file mode 100644
index 0000000..e5d379c
--- /dev/null
+++ b/steel-nftables.conf
@@ -0,0 +1,12 @@
+table ip filter {
+  chain input {
+    # Drop all traffic by default.
+    type filter hook input priority 0; policy drop;
+    # Allow traffic from established connections.
+    ct state vmap { established: accept, related: accept, invalid: drop }
+    # Allow loopback traffic.
+    iifname lo accept
+    # Allow 8080 for occasional darkhttpd use.
+    tcp dport 8080 accept
+  }
+}
\ No newline at end of file
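Review bot: The new table on the first hunk line is declared as `table ip filter`, which only hooks IPv4; IPv6 packets arriving at this host never traverse the `input` chain and so are not subject to the `policy drop` on the following lines. If the host has any IPv6 address (even link-local), the stated "drop all traffic by default" comment does not hold for it; switching the family to `table inet filter {` applies the same chain to both families. Doing so presumably also requires accepting the ICMPv6 types used by neighbour discovery (and, to keep ping working, `icmp`/`icmpv6` echo requests), since the default drop would otherwise break IPv6 connectivity on the link; the exact type list depends on the host's network setup and should be confirmed before deploying. No `forward` or `output` chain is defined, so those hooks keep the kernel default of accept; that may be intended, but a one-line comment stating it would make the policy explicit.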