infra/ansible-role-firewall
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

forward statefull

Browse source
This commit is contained in:
nd 2020-08-02 21:26:17 +02:00
parent 0b2d669ce8
commit a3f13ff8da
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
templates/nftables.conf.j2
View file

@ -30,7 +30,7 @@ table inet filter {
iif lo accept comment "Accept any localhost traffic" iif lo accept comment "Accept any localhost traffic"
ct state invalid drop comment "Drop invalid connections" ct state invalid drop comment "Drop invalid connections"
ct state established,related accept comment "Accept traffic originated from us" ct state established,related accept comment "Accept established (statefull)"
ip6 nexthdr icmpv6 accept comment "Accept ICMPv6" ip6 nexthdr icmpv6 accept comment "Accept ICMPv6"
ip protocol icmp accept comment "Accept ICMP" ip protocol icmp accept comment "Accept ICMP"
@ -45,6 +45,9 @@ table inet filter {
type filter hook forward priority 0; type filter hook forward priority 0;
policy {{ firewall.policies.forward }}; policy {{ firewall.policies.forward }};
ct state invalid drop comment "Drop invalid connections"
ct state established,related accept comment "Accept established (statefull)"
{{ nftchain('forward') }} {{ nftchain('forward') }}
counter comment "Count dropped" counter comment "Count dropped"