LogalDeveloper/Arch-Linux-Installer
0
Fork 0
Code Issues Activity

Fixed localhost output firewall rule not using correct selector.

Browse Source
This commit is contained in:
Logan Fick
2025-12-16 09:01:19 -05:00
parent cfd6b2455f
commit a066063f6a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
etc/nftables.conf
View File

@@ -12,7 +12,7 @@ table inet filter {
ct state invalid counter drop comment "drop invalid" ct state invalid counter drop comment "drop invalid"
meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP" meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"
tcp dport ssh ct state { new } counter accept comment "accept new SSH connections" tcp dport ssh ct state new counter accept comment "accept new SSH connections"
counter comment "count any other dropped traffic" counter comment "count any other dropped traffic"
} }
@@ -20,7 +20,7 @@ table inet filter {
chain output { chain output {
type filter hook output priority filter; policy drop; type filter hook output priority filter; policy drop;
iif lo counter accept comment "accept any localhost traffic" oif lo counter accept comment "accept any localhost traffic"
ct state { established, related } counter accept comment "accept established,related" ct state { established, related } counter accept comment "accept established,related"
ct state invalid counter drop comment "drop invalid" ct state invalid counter drop comment "drop invalid"
meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP" meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"