scripts/nftables.conf at main · hypethral/scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#!/usr/sbin/nft -f

flush ruleset

add table ip filter

add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }
add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }
add rule ip filter INPUT ct state related,established accept
add rule ip filter INPUT ct state invalid drop
add rule ip filter INPUT iifname "lo" accept
add rule ip filter INPUT iifname != "lo" ip daddr 127.0.0.1/8 drop

add table ip6 filter
add chain ip6 filter INPUT { type filter hook input priority 0; policy drop; }
add chain ip6 filter FORWARD { type filter hook forward priority 0; policy drop; }
add chain ip6 filter OUTPUT { type filter hook output priority 0; policy drop; }