From 32074453eb2cea87b26a1134a9b9edb37c0ac598 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Thu, 30 Jun 2022 06:58:20 -0400
Subject: [PATCH] nftables: use numeric port format
---
 nftables-attestation.conf | 6 +++---
 nftables-discuss.conf | 6 +++---
 nftables-dns.conf | 12 ++++++------
 nftables-mail.conf | 6 +++---
 nftables-matrix.conf | 6 +++---
 nftables-web.conf | 6 +++---
 6 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/nftables-attestation.conf b/nftables-attestation.conf
index 79f5e6e..aa993a3 100644
--- a/nftables-attestation.conf
+++ b/nftables-attestation.conf
@@ -7,7 +7,7 @@ table inet filter {
 type filter hook prerouting priority raw
 iif lo notrack
- tcp dport {ssh, http, https} notrack
+ tcp dport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -16,7 +16,7 @@ table inet filter {
 type filter hook output priority raw
 oif lo notrack
- tcp sport {ssh, http, https} notrack
+ tcp sport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -26,7 +26,7 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {ssh, http, https} accept
+ tcp dport {22, 80, 443} accept
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
diff --git a/nftables-discuss.conf b/nftables-discuss.conf
index 061d8f1..9ae9706 100644
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@@ -7,7 +7,7 @@ table inet filter {
 type filter hook prerouting priority raw
 iif lo notrack
- tcp dport {ssh, http, https} notrack
+ tcp dport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -16,7 +16,7 @@ table inet filter {
 type filter hook output priority raw
 oif lo notrack
- tcp sport {ssh, http, https} notrack
+ tcp sport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
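Review bot: The same port set is now spelled out as a literal three times per file — in the prerouting `notrack` rule, the output `sport notrack` rule and the input `accept` rule — and with the service names gone, a later edit that adds a port to one of the three lists but not the others will no longer stand out; the nftables-attestation.conf prerouting hunk is the first instance, and every hunk in the other five files has the same shape. Declaring the set once near the top of each file, e.g. `define tcp_ports = { 22, 80, 443 }`, and referencing it as `tcp dport $tcp_ports notrack`, `tcp sport $tcp_ports notrack` and `tcp dport $tcp_ports accept` keeps the three rules from drifting apart; the file headers where such a define would live are outside these hunks. Keeping the old names as a trailing comment, `tcp dport {22, 80, 443} accept # ssh, http, https`, preserves the readability the numeric form gives up, which matters most in nftables-mail.conf where 465 and 993 are less self-evident than 22 or 80. The enclosing chain blocks begin before each hunk and are not shown.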
@@ -26,7 +26,7 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {ssh, http, https} accept
+ tcp dport {22, 80, 443} accept
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
diff --git a/nftables-dns.conf b/nftables-dns.conf
index 15bd396..82e7496 100644
--- a/nftables-dns.conf
+++ b/nftables-dns.conf
@@ -7,8 +7,8 @@ table inet filter {
 type filter hook prerouting priority raw
 iif lo notrack
- udp dport domain notrack
- tcp dport {ssh, domain} notrack
+ udp dport 53 notrack
+ tcp dport {22, 53} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -17,8 +17,8 @@ table inet filter {
 type filter hook output priority raw
 oif lo notrack
- udp sport domain notrack
- tcp sport {ssh, domain} notrack
+ udp sport 53 notrack
+ tcp sport {22, 53} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -28,8 +28,8 @@ table inet filter {
 policy drop
 iif lo accept
- udp dport domain accept
- tcp dport {ssh, domain} accept
+ udp dport 53 accept
+ tcp dport {22, 53} accept
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
diff --git a/nftables-mail.conf b/nftables-mail.conf
index f4b2582..609e2f2 100644
--- a/nftables-mail.conf
+++ b/nftables-mail.conf
@@ -7,7 +7,7 @@ table inet filter {
 type filter hook prerouting priority raw
 iif lo notrack
- tcp dport {ssh, smtp, http, submissions, imaps} notrack
+ tcp dport {22, 25, 80, 465, 993} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -16,7 +16,7 @@ table inet filter {
 type filter hook output priority raw
 oif lo notrack
- tcp sport {ssh, smtp, http, submissions, imaps} notrack
+ tcp sport {22, 25, 80, 465, 993} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -26,7 +26,7 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {ssh, smtp, http, submissions, imaps} accept
+ tcp dport {22, 25, 80, 465, 993} accept
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
diff --git a/nftables-matrix.conf b/nftables-matrix.conf
index bbdf6ba..09d5e65 100644
--- a/nftables-matrix.conf
+++ b/nftables-matrix.conf
@@ -7,7 +7,7 @@ table inet filter {
 type filter hook prerouting priority raw
 iif lo notrack
- tcp dport {ssh, http, https} notrack
+ tcp dport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -16,7 +16,7 @@ table inet filter {
 type filter hook output priority raw
 oif lo notrack
- tcp sport {ssh, http, https} notrack
+ tcp sport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -26,7 +26,7 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {ssh, http, https} accept
+ tcp dport {22, 80, 443} accept
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
diff --git a/nftables-web.conf b/nftables-web.conf
index f40b01f..77484b3 100644
--- a/nftables-web.conf
+++ b/nftables-web.conf
@@ -7,7 +7,7 @@ table inet filter {
 type filter hook prerouting priority raw
 iif lo notrack
- tcp dport {ssh, http, https} notrack
+ tcp dport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -16,7 +16,7 @@ table inet filter {
 type filter hook output priority raw
 oif lo notrack
- tcp sport {ssh, http, https} notrack
+ tcp sport {22, 80, 443} notrack
 ip protocol icmp notrack
 meta l4proto ipv6-icmp notrack
 }
@@ -26,7 +26,7 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {ssh, http, https} accept
+ tcp dport {22, 80, 443} accept
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept