Example netfilter firewall configuration with whitelist for sshd
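# Host firewall: drop inbound by default, allow a few public TCP services,
# and allow sshd only from a fixed IPv4 allow-list.
#
# `flush ruleset` discards every existing table (of any family and any tool),
# so this file is meant to be loaded as the complete firewall, not merged.
flush ruleset

table inet filter {
    # TCP services reachable from any source address (used by chain input).
    set open_tcp {
        type inet_service;
        elements = {
            80,   # http
            443   # https
        }
    }

    # Source addresses allowed to reach sshd (tcp/22).
    # IPv4 only: an IPv6 peer can never match this set, so ssh over IPv6
    # stays closed by the input policy.
    set whitelist {
        type ipv4_addr;
        elements = {
            000.000.000.000   # PLACEHOLDER: replace with the real admin address(es) before loading
        }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state invalid drop                      # early drop of invalid connections
        ct state { established, related } accept   # replies to traffic we already allowed
        iifname "lo" accept                        # allow traffic from loopback

        # ICMP is needed for path MTU discovery, and ICMPv6 neighbour/router
        # discovery is needed for IPv6 to work at all; with policy drop and no
        # rule here these packets are discarded, which breaks IPv6 connectivity.
        icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } accept
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, echo-request, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # public services
        tcp dport @open_tcp accept

        # sshd only from allow-listed IPv4 sources; everything else falls
        # through to the chain policy (drop)
        ip saddr @whitelist tcp dport 22 accept
    }

    # Outbound traffic is not filtered.
    chain output {
        type filter hook output priority 0; policy accept;
    }
}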