aports/config/nftables/nft/inet/redxenfirewall/table

table inet redxenfirewall {

	set blackhole4 {
		type ipv4_addr;
		timeout 4h;
		flags timeout;
	}

	set blackhole6 {
		type ipv6_addr;
		timeout 4h;
		flags timeout;
	}

	chain rxfi {
		type filter hook input priority 0;
		policy drop;
		include "inet/redxenfirewall/filter/input/blocked/*";
		include "inet/redxenfirewall/filter/input/trusted/*";
		include "inet/redxenfirewall/filter/input/stateful/*";
		include "inet/redxenfirewall/filter/input/allowed/*";
		include "inet/redxenfirewall/filter/input/established/*";
		counter reject with icmpx type admin-prohibited;
	}

	chain fwfi {
		type filter hook forward priority 0;
		policy drop;
		include "inet/redxenfirewall/filter/forward/*";
		counter reject with icmpx type no-route;
	}

	chain txfi {
		type filter hook output priority 0;
		policy accept;
		include "inet/redxenfirewall/filter/output/*";
	}

	chain prenat {
		type nat hook prerouting priority -100;
		policy accept;
		include "inet/redxenfirewall/nat/prerouting/*";
	}

	chain rxnat {
		type nat hook input priority 100;
		policy accept;
		include "inet/redxenfirewall/nat/input/*";
	}

	chain txnat {
		type nat hook output priority -100;
		policy accept;
		include "inet/redxenfirewall/nat/output/*";
	}

	chain postnat {
		type nat hook postrouting priority 100;
		policy accept;
		include "inet/redxenfirewall/nat/postrouting/*";
	}

}
Add nftables package 2021-06-19 22:08:51 +00:00			`table inet redxenfirewall {`

			`set blackhole4 {`
			`type ipv4_addr;`
			`timeout 4h;`
			`flags timeout;`
			`}`

			`set blackhole6 {`
			`type ipv6_addr;`
			`timeout 4h;`
			`flags timeout;`
			`}`

			`chain rxfi {`
			`type filter hook input priority 0;`
			`policy drop;`
			`include "inet/redxenfirewall/filter/input/blocked/*";`
			`include "inet/redxenfirewall/filter/input/trusted/*";`
			`include "inet/redxenfirewall/filter/input/stateful/*";`
			`include "inet/redxenfirewall/filter/input/allowed/*";`
			`include "inet/redxenfirewall/filter/input/established/*";`
			`counter reject with icmpx type admin-prohibited;`
			`}`

			`chain fwfi {`
			`type filter hook forward priority 0;`
			`policy drop;`
			`include "inet/redxenfirewall/filter/forward/*";`
			`counter reject with icmpx type no-route;`
			`}`

			`chain txfi {`
			`type filter hook output priority 0;`
			`policy accept;`
			`include "inet/redxenfirewall/filter/output/*";`
			`}`

			`chain prenat {`
			`type nat hook prerouting priority -100;`
			`policy accept;`
			`include "inet/redxenfirewall/nat/prerouting/*";`
			`}`

			`chain rxnat {`
			`type nat hook input priority 100;`
			`policy accept;`
			`include "inet/redxenfirewall/nat/input/*";`
			`}`

			`chain txnat {`
			`type nat hook output priority -100;`
			`policy accept;`
			`include "inet/redxenfirewall/nat/output/*";`
			`}`

			`chain postnat {`
			`type nat hook postrouting priority 100;`
			`policy accept;`
			`include "inet/redxenfirewall/nat/postrouting/*";`
			`}`

			`}`