add firewall rules in nftables.conf

master
lub 5 years ago
parent 6f14e7eb29
commit 0f670a3383

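--- a/nftables.conf
+++ b/nftables.conf
@@ -0,0 +1,44 @@
+#!/usr/sbin/nft -f
+flush ruleset
+table inet filter {
+chain input {
+type filter hook input priority 0;
+policy drop;
+# allow already established connections (e.g. initiated by this host)
+add rule ip filter INPUT ct state related,established counter accept
+# allow ICMP
+add rule ip filter INPUT ip protocol icmp counter accept
+# allow anything on localhost
+add rule ip filter INPUT iifname "lo" counter accept
+# allow SSH for remote management
+add rule ip filter INPUT tcp dport 22 counter accept
+## docker
+# cluster management communications
+add rule ip filter INPUT tcp dport 2377 counter accept
+# communication among nodes
+add rule ip filter INPUT tcp dport 7946 counter accept
+add rule ip filter INPUT udp dport 7946 counter accept
+# overlay network traffic
+add rule ip filter INPUT udp dport 4789 counter accept
+}
+chain forward {
+type filter hook forward priority 0;
+policy drop;
+}
+chain output {
+type filter hook output priority 0;
+policy accept;
+}
+}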
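Review bot: The eight rule lines inside `chain input` use the command form `add rule ip filter INPUT …`, which is not valid inside a `table … { chain … { } }` block of an `nft -f` file, so as committed the load should fail at parse time and the previously active ruleset stays in place — the intended default-drop policy never takes effect; the `ip filter INPUT` reference also names a different family and chain than the `inet filter input` being defined here. Inside the block each rule is written without that prefix, e.g. `ct state related,established counter accept`. Because the table family is `inet`, the input chain also filters IPv6, and with only `ip protocol icmp` accepted, ICMPv6 (neighbour discovery, path MTU discovery) would be dropped once the file loads; accepting `meta l4proto { icmp, ipv6-icmp }` covers both families. Since `flush ruleset` clears every table, including any the Docker daemon installs, it would be worth confirming how this file interacts with Docker's own firewall management on the host before relying on it.
```nft
table inet filter {
	chain input {
		type filter hook input priority 0;
		policy drop;
		# allow already established connections (e.g. initiated by this host)
		ct state related,established counter accept
		# allow ICMP and ICMPv6 (inet table also sees IPv6; neighbour discovery needs this)
		meta l4proto { icmp, ipv6-icmp } counter accept
		# allow anything on localhost
		iifname "lo" counter accept
		# allow SSH for remote management
		tcp dport 22 counter accept
		## docker
		# cluster management communications
		tcp dport 2377 counter accept
		# communication among nodes
		tcp dport 7946 counter accept
		udp dport 7946 counter accept
		# overlay network traffic
		udp dport 4789 counter accept
	}
	# … unchanged: forward and output chains …
}
```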