mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2024-12-22 13:45:02 -05:00
nftables: use numeric port format
parent
01f9274fc4
commit
32074453eb
@ -7,7 +7,7 @@ table inet filter {
|
|||||||
type filter hook prerouting priority raw
|
type filter hook prerouting priority raw
|
||||||
|
|
||||||
iif lo notrack
|
iif lo notrack
|
||||||
tcp dport {ssh, http, https} notrack
|
tcp dport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -16,7 +16,7 @@ table inet filter {
|
|||||||
type filter hook output priority raw
|
type filter hook output priority raw
|
||||||
|
|
||||||
oif lo notrack
|
oif lo notrack
|
||||||
tcp sport {ssh, http, https} notrack
|
tcp sport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -26,7 +26,7 @@ table inet filter {
|
|||||||
policy drop
|
policy drop
|
||||||
|
|
||||||
iif lo accept
|
iif lo accept
|
||||||
tcp dport {ssh, http, https} accept
|
tcp dport {22, 80, 443} accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
meta l4proto ipv6-icmp accept
|
meta l4proto ipv6-icmp accept
|
||||||
|
|
||||||
|
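Review bot: The same port set is written out three times in this file, in the prerouting `notrack` rule, the output `notrack` rule (as `tcp sport`) and the input `accept` rule, and with bare numbers nothing ties the three copies together. Defining it once, for example `define tcp_ports = { 22, 80, 443 }` at the top of the file, and then writing `tcp dport $tcp_ports notrack`, `tcp sport $tcp_ports notrack` and `tcp dport $tcp_ports accept`, would keep the untracked set and the accepted set from drifting apart when a port is added or removed. If the copies ever diverge, a port could be accepted while still tracked, or untracked while falling through to `policy drop`; what happens then depends on rules outside these hunks. The same applies to the other five files changed in this commit, and all three chains begin before the lines shown here.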
@ -7,7 +7,7 @@ table inet filter {
|
|||||||
type filter hook prerouting priority raw
|
type filter hook prerouting priority raw
|
||||||
|
|
||||||
iif lo notrack
|
iif lo notrack
|
||||||
tcp dport {ssh, http, https} notrack
|
tcp dport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -16,7 +16,7 @@ table inet filter {
|
|||||||
type filter hook output priority raw
|
type filter hook output priority raw
|
||||||
|
|
||||||
oif lo notrack
|
oif lo notrack
|
||||||
tcp sport {ssh, http, https} notrack
|
tcp sport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -26,7 +26,7 @@ table inet filter {
|
|||||||
policy drop
|
policy drop
|
||||||
|
|
||||||
iif lo accept
|
iif lo accept
|
||||||
tcp dport {ssh, http, https} accept
|
tcp dport {22, 80, 443} accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
meta l4proto ipv6-icmp accept
|
meta l4proto ipv6-icmp accept
|
||||||
|
|
||||||
|
@ -7,8 +7,8 @@ table inet filter {
|
|||||||
type filter hook prerouting priority raw
|
type filter hook prerouting priority raw
|
||||||
|
|
||||||
iif lo notrack
|
iif lo notrack
|
||||||
udp dport domain notrack
|
udp dport 53 notrack
|
||||||
tcp dport {ssh, domain} notrack
|
tcp dport {22, 53} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -17,8 +17,8 @@ table inet filter {
|
|||||||
type filter hook output priority raw
|
type filter hook output priority raw
|
||||||
|
|
||||||
oif lo notrack
|
oif lo notrack
|
||||||
udp sport domain notrack
|
udp sport 53 notrack
|
||||||
tcp sport {ssh, domain} notrack
|
tcp sport {22, 53} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -28,8 +28,8 @@ table inet filter {
|
|||||||
policy drop
|
policy drop
|
||||||
|
|
||||||
iif lo accept
|
iif lo accept
|
||||||
udp dport domain accept
|
udp dport 53 accept
|
||||||
tcp dport {ssh, domain} accept
|
tcp dport {22, 53} accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
meta l4proto ipv6-icmp accept
|
meta l4proto ipv6-icmp accept
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ table inet filter {
|
|||||||
type filter hook prerouting priority raw
|
type filter hook prerouting priority raw
|
||||||
|
|
||||||
iif lo notrack
|
iif lo notrack
|
||||||
tcp dport {ssh, smtp, http, submissions, imaps} notrack
|
tcp dport {22, 25, 80, 465, 993} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -16,7 +16,7 @@ table inet filter {
|
|||||||
type filter hook output priority raw
|
type filter hook output priority raw
|
||||||
|
|
||||||
oif lo notrack
|
oif lo notrack
|
||||||
tcp sport {ssh, smtp, http, submissions, imaps} notrack
|
tcp sport {22, 25, 80, 465, 993} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -26,7 +26,7 @@ table inet filter {
|
|||||||
policy drop
|
policy drop
|
||||||
|
|
||||||
iif lo accept
|
iif lo accept
|
||||||
tcp dport {ssh, smtp, http, submissions, imaps} accept
|
tcp dport {22, 25, 80, 465, 993} accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
meta l4proto ipv6-icmp accept
|
meta l4proto ipv6-icmp accept
|
||||||
|
|
||||||
|
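Review bot: `{22, 25, 80, 465, 993}` removes the only indication of which services this host exposes, and 465 and 993 are not ports every reader will recognise on sight. A trailing comment on each of the three rules, such as `# ssh, smtp, http, submissions, imaps`, keeps the numeric form while preserving that information for whoever audits the ruleset next. Port 80 is open here without 443; if that is intentional (it was the same before this change), the comment is a good place to say why.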
@ -7,7 +7,7 @@ table inet filter {
|
|||||||
type filter hook prerouting priority raw
|
type filter hook prerouting priority raw
|
||||||
|
|
||||||
iif lo notrack
|
iif lo notrack
|
||||||
tcp dport {ssh, http, https} notrack
|
tcp dport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -16,7 +16,7 @@ table inet filter {
|
|||||||
type filter hook output priority raw
|
type filter hook output priority raw
|
||||||
|
|
||||||
oif lo notrack
|
oif lo notrack
|
||||||
tcp sport {ssh, http, https} notrack
|
tcp sport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -26,7 +26,7 @@ table inet filter {
|
|||||||
policy drop
|
policy drop
|
||||||
|
|
||||||
iif lo accept
|
iif lo accept
|
||||||
tcp dport {ssh, http, https} accept
|
tcp dport {22, 80, 443} accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
meta l4proto ipv6-icmp accept
|
meta l4proto ipv6-icmp accept
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ table inet filter {
|
|||||||
type filter hook prerouting priority raw
|
type filter hook prerouting priority raw
|
||||||
|
|
||||||
iif lo notrack
|
iif lo notrack
|
||||||
tcp dport {ssh, http, https} notrack
|
tcp dport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -16,7 +16,7 @@ table inet filter {
|
|||||||
type filter hook output priority raw
|
type filter hook output priority raw
|
||||||
|
|
||||||
oif lo notrack
|
oif lo notrack
|
||||||
tcp sport {ssh, http, https} notrack
|
tcp sport {22, 80, 443} notrack
|
||||||
ip protocol icmp notrack
|
ip protocol icmp notrack
|
||||||
meta l4proto ipv6-icmp notrack
|
meta l4proto ipv6-icmp notrack
|
||||||
}
|
}
|
||||||
@ -26,7 +26,7 @@ table inet filter {
|
|||||||
policy drop
|
policy drop
|
||||||
|
|
||||||
iif lo accept
|
iif lo accept
|
||||||
tcp dport {ssh, http, https} accept
|
tcp dport {22, 80, 443} accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
meta l4proto ipv6-icmp accept
|
meta l4proto ipv6-icmp accept
|
||||||
|
|
||||||
|