Fixed localhost output firewall rule not using correct selector.

2025-12-16 09:01:19 -05:00
parent cfd6b2455f
commit a066063f6a
1 changed files with 2 additions and 2 deletions
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -12,7 +12,7 @@ table inet filter {
 		ct state invalid counter drop comment "drop invalid"
 		meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"

-		tcp dport ssh ct state { new } counter accept comment "accept new SSH connections"
+		tcp dport ssh ct state new counter accept comment "accept new SSH connections"

 		counter comment "count any other dropped traffic"
 	}
@@ -20,7 +20,7 @@ table inet filter {
 	chain output {
 		type filter hook output priority filter; policy drop;

-		iif lo counter accept comment "accept any localhost traffic"
+		oif lo counter accept comment "accept any localhost traffic"
 		ct state { established, related } counter accept comment "accept established,related"
 		ct state invalid counter drop comment "drop invalid"
 		meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"