nico/www.nico.schottelius.org
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add loopback traffic

Browse source
This commit is contained in:
Nico Schottelius 2019-12-24 11:18:16 +01:00
parent 4b084213c9
commit 549b31ff71
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
blog/my-notebook-firewall-36c3.mdwn
View file

@ -28,9 +28,11 @@ table ip6 filter {
type filter hook input priority 0;
policy drop;
iif lo accept
ct state established,related accept
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
ct state established,related accept
tcp dport { 22, 80, 443 } accept
}
@ -63,6 +65,7 @@ table ip filter {
type filter hook input priority 0;
policy drop;
iif lo accept
ct state established,related accept
tcp dport { 22 } accept
tcp dport { 51820 } accept
@ -159,5 +162,9 @@ If you have any comments about it, I'm interested in hearing your
feedback on [the ungleich chat](http://chat.ungleich.ch),
[twitter](https://twitter.com/NicoSchottelius) or IRC (telmich).
## Update 2019-12-24
I forgot to allow loopback traffic in the original version, which
breaks some local networking.
[[!tag ccc firewall nftables ipv6]]