fix nftables.conf

master
lub 5 years ago
parent 6a3c2c42bc
commit 8e0a34ac5d

@ -2,36 +2,36 @@
flush ruleset flush ruleset
table inet filter { table ip filter {
chain input { chain input {
type filter hook input priority 0; type filter hook input priority 0;
policy drop; policy drop;
# allow already established connections (e.g. initiated by this host) # allow already established connections (e.g. initiated by this host)
add rule ip filter INPUT ct state related,established counter accept ct state related,established counter accept
# allow ICMP # allow ICMP
add rule ip filter INPUT ip protocol icmp counter accept ip protocol icmp counter accept
# allow anything on localhost # allow anything on localhost
add rule ip filter INPUT iifname "lo" counter accept iifname "lo" counter accept
# allow SSH for remote management # allow SSH for remote management
add rule ip filter INPUT tcp dport 22 counter accept tcp dport 22 counter accept
## docker ## docker
# cluster management communications # cluster management communications
add rule ip filter INPUT tcp dport 2377 counter accept tcp dport 2377 counter accept
# communication among nodes # communication among nodes
add rule ip filter INPUT tcp dport 7946 counter accept tcp dport 7946 counter accept
add rule ip filter INPUT udp dport 7946 counter accept udp dport 7946 counter accept
# overlay network traffic # overlay network traffic
add rule ip filter INPUT udp dport 4789 counter accept udp dport 4789 counter accept
} }
chain forward { chain forward {
type filter hook forward priority 0; type filter hook forward priority 0;
