33 lines
964 B
Django/Jinja
33 lines
964 B
Django/Jinja
#{{ ansible_managed }}
|
|
|
|
#!/usr/sbin/nft -f
|
|
|
|
flush ruleset
|
|
|
|
table inet filter {
|
|
chain input {
|
|
type filter hook input priority 0; policy drop;
|
|
iifname lo accept;
|
|
|
|
tcp dport 22 accept;
|
|
icmp type echo-request accept;
|
|
# established/related connections
|
|
ct state established,related accept
|
|
}
|
|
chain forward {
|
|
type filter hook forward priority 0; policy drop;
|
|
}
|
|
chain output {
|
|
type filter hook output priority 0; policy drop;
|
|
|
|
iifname lo accept;
|
|
tcp dport 22 accept;
|
|
tcp dport {80, 443, 9200} accept;
|
|
tcp dport {53, 123} accept;
|
|
udp dport {53, 123, 1514} accept;
|
|
icmp type echo-request accept;
|
|
# established/related connections
|
|
ct state established,related accept;
|
|
}
|
|
}
|