mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2024-12-22 05:35:00 -05:00
nftables: use numeric port format
parent
01f9274fc4
commit
32074453eb
@ -7,7 +7,7 @@ table inet filter {
|
||||
type filter hook prerouting priority raw
|
||||
|
||||
iif lo notrack
|
||||
tcp dport {ssh, http, https} notrack
|
||||
tcp dport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -16,7 +16,7 @@ table inet filter {
|
||||
type filter hook output priority raw
|
||||
|
||||
oif lo notrack
|
||||
tcp sport {ssh, http, https} notrack
|
||||
tcp sport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -26,7 +26,7 @@ table inet filter {
|
||||
policy drop
|
||||
|
||||
iif lo accept
|
||||
tcp dport {ssh, http, https} accept
|
||||
tcp dport {22, 80, 443} accept
|
||||
ip protocol icmp accept
|
||||
meta l4proto ipv6-icmp accept
|
||||
|
||||
|
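Review bot: The literal set `{22, 80, 443}` is now written three times in this file: in the prerouting `notrack` rule, in the output `notrack` rule (as `tcp sport`), and in the `accept` rule of the `policy drop` chain. A later edit that touches only one of them would leave the untracked ports and the accepted ports out of step. A single definition would avoid that, for example `define tcp_ports = { 22, 80, 443 }` near the top of the file, with the rules reading `tcp dport $tcp_ports notrack`, `tcp sport $tcp_ports notrack` and `tcp dport $tcp_ports accept`. The same repetition appears in the other file sections of this commit, including the one that pairs `udp dport 53` with `tcp dport {22, 53}`. The enclosing `table inet filter` block starts and ends outside the hunks shown, so whether a `define` is already in use elsewhere cannot be seen from here.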
@ -7,7 +7,7 @@ table inet filter {
|
||||
type filter hook prerouting priority raw
|
||||
|
||||
iif lo notrack
|
||||
tcp dport {ssh, http, https} notrack
|
||||
tcp dport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -16,7 +16,7 @@ table inet filter {
|
||||
type filter hook output priority raw
|
||||
|
||||
oif lo notrack
|
||||
tcp sport {ssh, http, https} notrack
|
||||
tcp sport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -26,7 +26,7 @@ table inet filter {
|
||||
policy drop
|
||||
|
||||
iif lo accept
|
||||
tcp dport {ssh, http, https} accept
|
||||
tcp dport {22, 80, 443} accept
|
||||
ip protocol icmp accept
|
||||
meta l4proto ipv6-icmp accept
|
||||
|
||||
|
@ -7,8 +7,8 @@ table inet filter {
|
||||
type filter hook prerouting priority raw
|
||||
|
||||
iif lo notrack
|
||||
udp dport domain notrack
|
||||
tcp dport {ssh, domain} notrack
|
||||
udp dport 53 notrack
|
||||
tcp dport {22, 53} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -17,8 +17,8 @@ table inet filter {
|
||||
type filter hook output priority raw
|
||||
|
||||
oif lo notrack
|
||||
udp sport domain notrack
|
||||
tcp sport {ssh, domain} notrack
|
||||
udp sport 53 notrack
|
||||
tcp sport {22, 53} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -28,8 +28,8 @@ table inet filter {
|
||||
policy drop
|
||||
|
||||
iif lo accept
|
||||
udp dport domain accept
|
||||
tcp dport {ssh, domain} accept
|
||||
udp dport 53 accept
|
||||
tcp dport {22, 53} accept
|
||||
ip protocol icmp accept
|
||||
meta l4proto ipv6-icmp accept
|
||||
|
||||
|
@ -7,7 +7,7 @@ table inet filter {
|
||||
type filter hook prerouting priority raw
|
||||
|
||||
iif lo notrack
|
||||
tcp dport {ssh, smtp, http, submissions, imaps} notrack
|
||||
tcp dport {22, 25, 80, 465, 993} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -16,7 +16,7 @@ table inet filter {
|
||||
type filter hook output priority raw
|
||||
|
||||
oif lo notrack
|
||||
tcp sport {ssh, smtp, http, submissions, imaps} notrack
|
||||
tcp sport {22, 25, 80, 465, 993} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -26,7 +26,7 @@ table inet filter {
|
||||
policy drop
|
||||
|
||||
iif lo accept
|
||||
tcp dport {ssh, smtp, http, submissions, imaps} accept
|
||||
tcp dport {22, 25, 80, 465, 993} accept
|
||||
ip protocol icmp accept
|
||||
meta l4proto ipv6-icmp accept
|
||||
|
||||
|
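Review bot: The numeric set `{22, 25, 80, 465, 993}` in the `policy drop` chain's accept rule no longer says which service each open port belongs to, and 465 and 993 are less recognisable than the `submissions` and `imaps` names they replace. Since this rule defines the host's exposed TCP surface, a comment above it would let a reviewer confirm the list at a glance, for example `# ssh, smtp, http, submissions, imaps`. The same comment would help on the two `notrack` rules in the prerouting and output chains. The chains continue outside the hunks shown.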
@ -7,7 +7,7 @@ table inet filter {
|
||||
type filter hook prerouting priority raw
|
||||
|
||||
iif lo notrack
|
||||
tcp dport {ssh, http, https} notrack
|
||||
tcp dport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -16,7 +16,7 @@ table inet filter {
|
||||
type filter hook output priority raw
|
||||
|
||||
oif lo notrack
|
||||
tcp sport {ssh, http, https} notrack
|
||||
tcp sport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -26,7 +26,7 @@ table inet filter {
|
||||
policy drop
|
||||
|
||||
iif lo accept
|
||||
tcp dport {ssh, http, https} accept
|
||||
tcp dport {22, 80, 443} accept
|
||||
ip protocol icmp accept
|
||||
meta l4proto ipv6-icmp accept
|
||||
|
||||
|
@ -7,7 +7,7 @@ table inet filter {
|
||||
type filter hook prerouting priority raw
|
||||
|
||||
iif lo notrack
|
||||
tcp dport {ssh, http, https} notrack
|
||||
tcp dport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -16,7 +16,7 @@ table inet filter {
|
||||
type filter hook output priority raw
|
||||
|
||||
oif lo notrack
|
||||
tcp sport {ssh, http, https} notrack
|
||||
tcp sport {22, 80, 443} notrack
|
||||
ip protocol icmp notrack
|
||||
meta l4proto ipv6-icmp notrack
|
||||
}
|
||||
@ -26,7 +26,7 @@ table inet filter {
|
||||
policy drop
|
||||
|
||||
iif lo accept
|
||||
tcp dport {ssh, http, https} accept
|
||||
tcp dport {22, 80, 443} accept
|
||||
ip protocol icmp accept
|
||||
meta l4proto ipv6-icmp accept
|
||||
|
||||
|