52 lines
1.1 KiB
YAML
52 lines
1.1 KiB
YAML
firewall:
|
|
defaults:
|
|
all:
|
|
statement: accept
|
|
matches: ~
|
|
priority: 1000
|
|
counter: True
|
|
input: {}
|
|
forward: {}
|
|
output: {}
|
|
nat_prerouting: {}
|
|
nat_postrouting: {}
|
|
nat6_prerouting: {}
|
|
nat6_postrouting: {}
|
|
chains:
|
|
input:
|
|
"statefull-invalid":
|
|
matches: ct state invalid
|
|
priority: 240
|
|
statement: drop
|
|
"statefull-accept":
|
|
matches: ct state established,related
|
|
priority: 250
|
|
allow_localhost:
|
|
matches: iif lo
|
|
priority: 500
|
|
allow_icmp:
|
|
matches: ip protocol icmp
|
|
priority: 500
|
|
allow_icmp6:
|
|
matches: ip6 nexthdr icmpv6
|
|
priority: 500
|
|
allow_ssh: tcp dport ssh
|
|
output: {}
|
|
forward:
|
|
"statefull-invalid":
|
|
matches: ct state invalid
|
|
priority: 240
|
|
statement: drop
|
|
"statefull-accept":
|
|
matches: ct state established,related
|
|
priority: 250
|
|
nat_prerouting: {}
|
|
nat_postrouting: {}
|
|
nat6_prerouting: {}
|
|
nat6_postrouting: {}
|
|
policies:
|
|
input: drop
|
|
output: accept
|
|
forward: drop
|
|
routing: False
|
|
vars: {}
|