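# Host firewall: default-drop inbound and forwarded traffic, with a small
# allow-list of services reachable on the WAN interface.
# This file defines no output-hook chain, so locally generated traffic is
# not filtered by it.

# Start from an empty ruleset so the rules below are the complete state
# after loading.
flush ruleset

# Interface treated as the untrusted WAN side; adjust to the host's NIC name.
define wan_iface = "enp1s0"

table inet filter {
    # Regular chain (no hook): only reached via the jump in "input" for
    # packets arriving on $wan_iface. Packets that match nothing here return
    # to "input" and fall through to its drop policy.
    chain inbound_wan {
        # IPv4 ping, rate-limited. Echo requests above 5/second do not match
        # this rule and end up dropped by the input policy.
        icmp type echo-request limit rate 5/second accept

        # Public TCP services. Accepted from any source address with no rate
        # limit; SSH (22) in particular is exposed to the whole WAN side.
        # NOTE(review): consider restricting 22 by source address or adding a
        # per-source rate limit if the deployment allows it.
        tcp dport { 22, 80, 443 } accept

        # NOTE(review): the service behind UDP 12345 is not identified in this
        # file; confirm it is still required before keeping the port open.
        udp dport { 12345 } accept

        # IPv6 neighbor discovery and router advertisements, needed for IPv6
        # connectivity on the link.
        icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept

        # IPv6 ping, same rate limit as the IPv4 rule above.
        icmpv6 type echo-request limit rate 5/second accept
    }

    chain input {
        type filter hook input priority 0
        policy drop

        # Conntrack fast path: drop invalid packets, accept replies and
        # related traffic. Packets in any other state continue to the next rule.
        ct state vmap { invalid : drop, established : accept, related : accept }

        # Loopback is trusted; WAN traffic is checked against inbound_wan.
        # Any other interface has no entry in the map, so its new connections
        # reach the end of the chain and are dropped by policy.
        iifname vmap { lo : accept, $wan_iface: jump inbound_wan }
    }

    chain forward {
        type filter hook forward priority 0
        policy drop

        # Only already-tracked flows are accepted; no rule in this chain
        # accepts a new forwarded connection.
        ct state vmap { established : accept, related : accept, invalid : drop }
    }
}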