nftables: use notrack accept instead of notrack

Daniel Micay 2022-07-21 17:31:16 -04:00
parent f7da683012
commit fdf21af1ae
6 changed files with 38 additions and 38 deletions


@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {
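Review bot: The new `notrack accept` rules in `prerouting-raw` and `output-raw` carry no comment on what the added verdict does, and the commit message gives no reason for it. In nftables an `accept` verdict only ends evaluation of the current base chain, so these packets are still evaluated by `chain input` and by any other chain on a later hook or priority; a reader could easily mistake it for a bypass of the filter. I would add a line above each group such as `# accept only ends this raw chain; untracked packets are still filtered by the input chain`. Because these flows are untracked, the later chains presumably have to allow them by port rather than by `ct state`, which is worth confirming since `chain input` continues outside the hunk. The same note applies to the other five file sections on this page, which make the identical change with different port sets.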


@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {


@ -6,19 +6,19 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
udp dport 53 notrack udp dport 53 notrack accept
tcp dport {22, 53} notrack tcp dport {22, 53} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
udp sport 53 notrack udp sport 53 notrack accept
tcp sport {22, 53} notrack tcp sport {22, 53} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {


@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 25, 80, 465, 993} notrack tcp dport {22, 25, 80, 465, 993} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 25, 80, 465, 993} notrack tcp sport {22, 25, 80, 465, 993} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {


@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {


@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {