qusal/salt/sys-pihole/files/server/firewall/update_nft.sh

22 lines
651 B
Bash
Raw Normal View History

2023-11-13 09:33:28 -05:00
#!/bin/sh
# SPDX-FileCopyrightText: 2022 - 2023 unman <unman@thirdeyesecurity.com>
# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -eu
get_handle(){
my_handle=$(nft -a list table "$1" |
awk 'BEGIN{c0} /related,established/{c++; if (c==1) print $NF}')
echo "$my_handle"
}
nft insert rule filter FORWARD tcp dport 53 drop
nft insert rule filter FORWARD udp dport 53 drop
handle=$(get_handle filter)
nft add rule filter INPUT position "$handle" iifname "vif*" tcp dport 53 accept
nft add rule filter INPUT position "$handle" iifname "vif*" udp dport 53 accept