reorganize nftables rules

Daniel Micay 2024-04-05 19:14:05 -04:00
parent cf274f34d7
commit a6b9fa782b
9 changed files with 73 additions and 73 deletions


@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter
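Review bot: The relocated `chain output-raw`, added just before `chain output` in the second hunk, still has no comment saying why these flows skip connection tracking, or that `accept` at priority raw only ends this chain, so the packets are still evaluated by `chain output` at priority filter. I would add a line above the chain such as `# stateless replies for the public service ports: keep in sync with the inbound notrack rules; chain output must accept these untracked packets explicitly`. The inbound raw chain (presumably the one that closes just above the old location) and the body of `chain output` lie outside the hunk, so whether the two sides match cannot be confirmed from here. The same applies to the other eight files in this commit, which differ only in the source-port match (`tcp sport 443`, `tcp sport { 25, 465, 993 }`, `tcp sport { 80, 443 }` with `udp sport 123`, and `udp sport 53`).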


@ -50,14 +50,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -88,6 +80,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 25, 465, 993 } notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 25, 465, 993 } notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -50,15 +50,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 80, 443 } notrack accept
udp sport 123 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -90,6 +81,15 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 80, 443 } notrack accept
udp sport 123 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -52,14 +52,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -90,6 +82,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter


@ -51,14 +51,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept meta l4proto { icmp, ipv6-icmp } notrack accept
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input { chain input {
type filter hook input priority filter type filter hook input priority filter
policy drop policy drop
@ -89,6 +81,14 @@ table inet filter {
policy drop policy drop
} }
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output { chain output {
type filter hook output priority filter type filter hook output priority filter