mcm · December 6, 2016 16:39
diff --git a/mcmfw1.ruleset b/mcmfw1.ruleset
 #!/usr/sbin/nft -f
 flush ruleset
 add table inet filter
 add chain inet filter input { type filter hook input priority 0 ; policy accept ; }
 add chain inet filter output { type filter hook output priority 0 ; policy accept ; }
 add chain inet filter forward { type filter hook forward priority 0 ; policy accept ; }
 add chain inet filter floating
 add chain inet filter wan
 add chain inet filter vlan2
 add chain inet filter vlan15
 add rule inet filter input ct state { established, related } counter accept
 add rule inet filter input meta iifname lo accept
 add rule inet filter input meta iifname wan jump wan
 add rule inet filter input jump floating
 add rule inet filter input ip saddr 10.42.0.0/16 udp dport 53 log accept
 add rule inet filter input ip saddr 10.42.0.0/16 tcp dport 53 log accept
 add rule inet filter input ip saddr 10.42.0.0/16 ip protocol icmp log accept
 add rule inet filter forward ct state { established, related } counter accept
 add rule inet filter forward meta iifname lo accept
 add rule inet filter forward meta iifname wan jump wan
 add rule inet filter forward meta iifname vlan2 jump vlan2
 add rule inet filter forward meta iifname vlan15 jump vlan15
 add rule inet filter forward jump floating
 ###
 # Object Definitions
 ###
 add set inet filter Administrators { type ipv4_addr ; }
 add element inet filter Administrators { 10.42.2.10, 10.42.2.11, 10.42.2.12 }
 ###
 # WAN Rules
 ###
 add rule inet filter wan ip saddr {10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16} log drop
 add rule inet filter wan ip saddr 66.220.2.74 ip protocol icmp log accept
 add rule inet filter wan ip saddr 184.105.253.14 log accept
 add rule inet filter wan udp dport 1194 log accept
 ###
 # LAN Rules
 ###
 add rule inet filter vlan2 ip saddr 10.42.2.0/24 log accept
 ###
 # Server Rules
 ###
 ###
 # Floating Rules
 ###
 add rule inet filter floating ip saddr @Administrators log accept
	#!/usr/sbin/nft -f
	flush ruleset
	add table inet filter
	add chain inet filter input { type filter hook input priority 0 ; policy accept ; }
	add chain inet filter output { type filter hook output priority 0 ; policy accept ; }
	add chain inet filter forward { type filter hook forward priority 0 ; policy accept ; }
	add chain inet filter floating
	add chain inet filter wan
	add chain inet filter vlan2
	add chain inet filter vlan15
	add rule inet filter input ct state { established, related } counter accept
	add rule inet filter input meta iifname lo accept
	add rule inet filter input meta iifname wan jump wan
	add rule inet filter input jump floating
	add rule inet filter input ip saddr 10.42.0.0/16 udp dport 53 log accept
	add rule inet filter input ip saddr 10.42.0.0/16 tcp dport 53 log accept
	add rule inet filter input ip saddr 10.42.0.0/16 ip protocol icmp log accept
	add rule inet filter forward ct state { established, related } counter accept
	add rule inet filter forward meta iifname lo accept
	add rule inet filter forward meta iifname wan jump wan
	add rule inet filter forward meta iifname vlan2 jump vlan2
	add rule inet filter forward meta iifname vlan15 jump vlan15
	add rule inet filter forward jump floating
	###
	# Object Definitions
	###
	add set inet filter Administrators { type ipv4_addr ; }
	add element inet filter Administrators { 10.42.2.10, 10.42.2.11, 10.42.2.12 }
	###
	# WAN Rules
	###
	add rule inet filter wan ip saddr {10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16} log drop
	add rule inet filter wan ip saddr 66.220.2.74 ip protocol icmp log accept
	add rule inet filter wan ip saddr 184.105.253.14 log accept
	add rule inet filter wan udp dport 1194 log accept
	###
	# LAN Rules
	###
	add rule inet filter vlan2 ip saddr 10.42.2.0/24 log accept
	###
	# Server Rules
	###
	###
	# Floating Rules
	###
	add rule inet filter floating ip saddr @Administrators log accept