Your Name 2024-08-23 01:44:26 +00:00
parent e92dac6286
commit 7cb0871207


@ -181,7 +181,7 @@ basic-security() {
$NFT insert rule filter input ct state established $NFT_ACCEPT
$NFT insert rule filter input iif lo $NFT_ACCEPT
$NFT -f /usr/share/doc/nftables/examples/ipv6-filter.nft
$NFT -f /usr/share/nftables/ipv6-filter.nft
$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP
$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP
}
@ -300,7 +300,7 @@ trust() {
start() {
$NFT flush ruleset
$NFT -f /usr/share/doc/nftables/examples/ipv4-filter.nft
$NFT -f /usr/share/nftables/ipv4-filter.nft
if [[ $HOSTNAME == *"nas"* ]]; then
attacker-protection
@ -318,8 +318,8 @@ start() {
jellyfin
wireguard-networking
uptimeKuma
podman restart uptime-kuma
$NFT insert rule filter input iif podman0 $NFT_ACCEPT
docker restart uptime-kuma
$NFT insert rule filter input iif docker0 $NFT_ACCEPT
basic-security
else
{
@ -339,7 +339,7 @@ status() {
stop() {
$NFT flush ruleset
$NFT -f /usr/share/doc/nftables/examples/ipv4-filter.nft
$NFT -f /usr/share/nftables/ipv4-filter.nft
$NFT add rule filter input icmp type echo-request $NFT_ACCEPT
$NFT rule filter input $NFT_ACCEPT
$NFT rule filter output $NFT_ACCEPT
@ -347,7 +347,7 @@ stop() {
$NFT insert rule filter input ct state established $NFT_ACCEPT
$NFT insert rule filter input iif lo $NFT_ACCEPT
$NFT -f /usr/share/doc/nftables/examples/ipv6-filter.nft
$NFT -f /usr/share/nftables/ipv6-filter.nft
$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_ACCEPT
$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_ACCEPT
}
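Review bot: The base-ruleset load in start() (`$NFT -f /usr/share/nftables/ipv4-filter.nft`, directly after `$NFT flush ruleset`) has no error check, and the same applies to the ipv4/ipv6 loads in basic-security() and stop(). If the file is not present at that path on a given host, the flush has already emptied the ruleset, the `filter` table is never created, and every later `insert rule filter input …` has nothing to attach to, so the host is left with no filtering at all. I would test the file before flushing, e.g. `[[ -r /usr/share/nftables/ipv4-filter.nft ]] || { echo "ipv4-filter.nft not found" >&2; return 1; }` as the first line of start(). The +/- markers are lost on this page, so I am reading the second line of each pair as the new side, and the function bodies extend beyond the visible hunks. Separately, `iif docker0 $NFT_ACCEPT` admits all traffic from the container bridge and resolves the interface index when the rule is added; `iifname` with a port restriction would likely be tighter.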