История изменений
Исправление Dr64h, (текущая версия) :
Вот минимальный рабочий конфиг:
#!/sbin/nft -f
flush ruleset
table firewall {
chain incoming {
type filter hook input priority 0; policy drop;
# established/related connections
ct state established,related accept
# loopback interface
iifname lo accept
# icmp
icmp type echo-request accept
# kdeconnectd ports
tcp dport 1714-1764 accept
udp dport 1714-1764 accept
}
}
table ip6 firewall {
chain incoming {
type filter hook input priority 0; policy drop;
# established/related connections
ct state established,related accept
# invalid connections
ct state invalid drop
# loopback interface
iifname lo accept
# icmp
# routers may also want: mld-listener-query, nd-router-solicit
icmpv6 type { echo-request, nd-neighbor-solicit } accept
}
}
Исходная версия Dr64h, :
Вот минимальный рабочий конфиг:
#!/sbin/nft -f
flush ruleset
table firewall {
chain incoming {
type filter hook input priority 0; policy drop;
# established/related connections
ct state established,related accept
# loopback interface
iifname lo accept
# icmp
icmp type echo-request accept
# kdeconnectd ports
tcp dport 1714-1764 accept
udp dport 1714-1764 accept
}
}
table ip6 firewall {
chain incoming {
type filter hook input priority 0; policy drop;
# established/related connections
ct state established,related accept
# invalid connections
ct state invalid drop
# loopback interface
iifname lo accept
# icmp
# routers may also want: mld-listener-query, nd-router-solicit
icmpv6 type { echo-request, nd-neighbor-solicit } accept
}
}