a772f7a5d4
Installs nftables config useful for pmOS:

1) drop all connections to wwan* (wildcard matching supported, are there any other wwan iface names that wouldn't match this?)
2) allow ssh, drop from wwan (kinda redundant w/ the first rule, but doesn't hurt..), allow DHCP on usb*
3) allow all incoming connections on usb* (with the -openusb subpackage)
4) enable logging all nftable events (with the -log subpackage), very useful for debugging

fixes #1024
13 lines
208 B
Text
#!/usr/sbin/nft -f

table inet filter {
	chain input {

		# drop ssh from wwan
		iifname "wwan*" tcp dport 22 drop comment "drop SSH from wwan"

		# allow ssh
		tcp dport 22 accept comment "accept SSH"

	}
}