ref: f5c33bbbe26f4ed41b9466dc4effc8c6437418b4 alpine-system/builds/system-config/files/etc/nftables.nft -rw-r--r-- 1.0 KiB
f5c33bbbDamien Tardy-Panis system-config: enable IP forwarding 5 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/usr/sbin/nft -f

# NOTE: "flush ruleset" removes *every* table in the kernel, not only the
# "inet filter" table declared below. Any table another tool created
# (e.g. wg-quick, a container runtime) is torn down as well whenever this
# file is (re)loaded — keep that in mind if anything else on the host
# manages nftables.
flush ruleset

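# Host firewall. The "inet" family makes every rule below apply to IPv4 and
# IPv6 alike, so the only address-family-specific rules needed are the two
# ICMP ones. Default-deny on input and forward, output left unrestricted.
table inet filter {
    chain input {
        # Anything not explicitly accepted below is dropped, not rejected:
        # closed ports do not answer at all.
        type filter hook input priority 0; policy drop;

        iifname lo accept \
        comment "Accept any localhost traffic"

        ct state { established, related } accept \
        comment "Accept traffic originated from us"

        # Packets conntrack cannot attribute to any flow; dropped here so they
        # never reach the port-based accepts below.
        ct state invalid drop \
        comment "Early drop of invalid connections"

        ip protocol icmp icmp type {
            echo-reply,  # type 0
            destination-unreachable,  # type 3
            echo-request,  # type 8
            time-exceeded,  # type 11
            parameter-problem,  # type 12
        } accept \
        comment "Accept some ICMP types"

        # IPv6 counterpart of the rule above. The rule above only matches
        # ICMPv4, so on an IPv6-enabled host the policy drop would discard
        # Neighbour Discovery (types 134-136), which conntrack does not track
        # as a flow, and the host could neither resolve nor answer its IPv6
        # neighbours. packet-too-big is needed for path-MTU discovery.
        # Harmless if the host has no IPv6 addresses.
        meta l4proto ipv6-icmp icmpv6 type {
            destination-unreachable,  # type 1
            packet-too-big,  # type 2
            time-exceeded,  # type 3
            parameter-problem,  # type 4
            echo-request,  # type 128
            echo-reply,  # type 129
            nd-router-advert,  # type 134
            nd-neighbor-solicit,  # type 135
            nd-neighbor-advert,  # type 136
        } accept \
        comment "Accept some ICMPv6 types"

        # Non-default port only reduces scanner noise; authentication
        # hardening has to live in sshd_config.
        tcp dport 11235 accept \
        comment "Accept SSH on non default port"

        tcp dport { http, https } accept \
        comment "Accept HTTP"

        tcp dport 1965 accept \
        comment "Accept Gemini"

        udp dport 51820 accept \
        comment "Accept WireGuard"
    }

    chain forward {
        # With IP forwarding enabled in the kernel (see the commit that last
        # touched this file) this chain is what keeps the host from routing
        # between its interfaces: there are no accept rules, so nothing is
        # forwarded until one is added here (e.g. for WireGuard peers).
        type filter hook forward priority 0; policy drop;
    }
}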