-
Notifications
You must be signed in to change notification settings - Fork 2
/
rules.nft
24 lines (20 loc) · 913 Bytes
/
rules.nft
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/sbin/nft -f
flush ruleset
# fill in your ports here and uncomment this and the commented line below
#define mullvad_ports = { 20000, 30000 }
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
ct state invalid drop comment "early drop of invalid packets"
ct state {established, related} accept comment "accept all connections related to connections made by us"
iif lo accept comment "accept loopback"
iif != lo ip daddr 127.0.0.1/8 drop comment "drop connections to loopback not coming from loopback"
iif != lo ip6 daddr ::1/128 drop comment "drop connections to loopback not coming from loopback"
ip protocol icmp accept comment "accept all ICMP types"
ip6 nexthdr icmpv6 accept comment "accept all ICMP types"
#tcp dport $mullvad_ports accept comment "accept Mullvad ports"
}
chain forward {
type filter hook forward priority 65535; policy drop;
}
}