From 27cf08e40e7d57e74878c58aab5f4427c8078817 Mon Sep 17 00:00:00 2001
From: Arun Isaac
Date: Wed, 24 Sep 2025 11:31:29 +0100
Subject: steel: Add nftables firewall.
---
steel-nftables.conf | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 steel-nftables.conf
(limited to 'steel-nftables.conf')
diff --git a/steel-nftables.conf b/steel-nftables.conf
new file mode 100644
index 0000000..e5d379c
--- /dev/null
+++ b/steel-nftables.conf
@@ -0,0 +1,12 @@
+table ip filter {
+ chain input {
+ # Drop all traffic by default.
+ type filter hook input priority 0; policy drop;
+ # Allow traffic from established connections.
+ ct state vmap { established: accept, related: accept, invalid: drop }
+ # Allow loopback traffic.
+ iifname lo accept
+ # Allow 8080 for occasional darkhttpd use.
+ tcp dport 8080 accept
+ }
+}
\ No newline at end of file
-- cgit 1.4.1
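Review bot: The `table ip filter` declaration hooks only IPv4, so the `policy drop` on `chain input` does not apply to IPv6; if the host has any IPv6 address, inbound IPv6 traffic is not filtered by this file at all. Declaring the table as `table inet filter` applies the same chain to both families, and with a drop policy it then needs an explicit ICMPv6 rule such as `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept` so neighbour discovery keeps working. Separately, `tcp dport 8080 accept` leaves the port open to every source permanently although the comment describes darkhttpd use as occasional; restricting it with an `ip saddr` match for the expected clients, or adding the rule only while the server runs, would narrow the exposure. If this file can be loaded more than once with `nft -f`, a leading `flush ruleset` (or deleting the table first) would avoid duplicated rules; whether that applies depends on how the service loads it, which is not visible here.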