Minecon724/dn42-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dn42-configs/nftables.conf
Minecon724 217eb988bd Add nftables.conf
2025-08-10 17:08:29 +02:00

26 lines
830 B
Text
Raw Permalink Blame History

#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority filter; policy drop;
iif lo accept;
ct state established, related accept;
ct state invalid drop;
udp dport 20000-65535 accept comment "WireGuard";
tcp dport 22 iif vmh-ssh-vpn accept comment "SSH";
tcp dport 179 ip6 daddr fe80::129:1 accept comment "BGP";
udp dport 6696 ip6 saddr fe80::129:0/112 accept comment "Babel";
meta l4proto { icmp, ipv6-icmp } accept;
}
chain forward {
type filter hook forward priority filter; policy drop;
ip6 saddr fd00::/8 ip6 daddr fd00::/8 accept comment "dn42 forwarding";
}
}
Reference in a new issue View git blame Copy permalink