Add administrative subnet-capable set

Alex D. 2024-08-14 14:11:32 +00:00
parent 5fcfab8d93
commit 98e5279d31
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
1 changed files with 13 additions and 0 deletions


@ -1,5 +1,15 @@
table inet redxenfirewall {
set admin4 {
type ipv4_addr;
flags interval, timeout;
}
set admin6 {
type ipv6_addr;
flags interval, timeout;
}
set blackhole4 {
type ipv4_addr;
flags dynamic, timeout;
@ -18,6 +28,9 @@ table inet redxenfirewall {
ip saddr @blackhole4 update @blackhole4 { ip saddr timeout 1h } counter reject with icmpx type admin-prohibited;
ip6 saddr @blackhole6 update @blackhole6 { ip6 saddr timeout 1h } counter reject with icmpx type admin-prohibited;
ip saddr @admin4 counter reject with icmpx type admin-prohibited;
ip6 saddr @admin6 counter reject with icmpx type admin-prohibited;
icmp type { echo-request } counter accept;
icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } counter accept;
ct state related,established counter accept;
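Review bot: The names `admin4`/`admin6` read like an allowlist of administrator addresses, but the new rules `ip saddr @admin4 counter reject ...` and `ip6 saddr @admin6 counter reject ...` reject every source in those sets, so an operator who adds a management subnet expecting access would cut it off instead. Because both rules sit before `ct state related,established counter accept`, adding an element would apparently also cut that source's already-established sessions. I would state the intent at the set definitions, e.g. `# manually maintained deny list: sources in this set are rejected` above `set admin4 {` and `set admin6 {`, or rename the sets to something like `adminblock4`/`adminblock6`. Neither set declares a default `timeout`, so elements added without one stay until removed by hand; if that is intended, the same comment should say so. The enclosing chain starts outside the hunk, so its hook and policy are not visible here.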