2024-01-08 14:07:20 -05:00
|
|
|
#!/usr/sbin/nft -f
|
|
|
|
|
# vim: ft=nftables
|
|
|
|
|
|
|
|
|
|
# SPDX-FileCopyrightText: 2022 unman <unman@thirdeyesecurity.org>
|
|
|
|
|
# SPDX-FileCopyrightText: 2023 1cho1ce <https://github.com/1cho1ce>
|
2024-01-29 10:49:54 -05:00
|
|
|
# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
|
2024-01-08 14:07:20 -05:00
|
|
|
#
|
|
|
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
|
|
|
|
|
|
add chain ip qubes output { type filter hook output priority 0; policy accept; }
|
|
|
|
|
add chain ip6 qubes output { type filter hook output priority 0; policy accept; }
|
|
|
|
|
|
2024-06-19 09:08:03 -04:00
|
|
|
flush chain ip qubes custom-forward
|
|
|
|
|
flush chain ip6 qubes custom-forward
|
2024-01-08 14:07:20 -05:00
|
|
|
insert rule ip qubes custom-forward iifgroup 1 drop
|
|
|
|
|
insert rule ip6 qubes custom-forward iifgroup 1 drop
|
2024-06-19 09:08:03 -04:00
|
|
|
insert rule ip qubes custom-forward oifgroup 1 drop
|
|
|
|
|
insert rule ip6 qubes custom-forward oifgroup 1 drop
|
2024-01-08 14:07:20 -05:00
|
|
|
|
|
|
|
|
insert rule ip qubes custom-input meta l4proto icmp drop
|
|
|
|
|
insert rule ip6 qubes custom-input meta l4proto icmp drop
|
|
|
|
|
insert rule ip qubes output oifgroup 1 meta l4proto icmp drop
|
|
|
|
|
insert rule ip6 qubes output oifgroup 1 meta l4proto icmp drop
|
