author | xyz <gky44px1999@gmail.com> | 2022-02-10 00:37:29 -0800 |
---|---|---|
committer | xyz <gky44px1999@gmail.com> | 2022-02-10 00:37:29 -0800 |
commit | 7cc17b9dbe784170872dba0bcebfb4497047d05c (patch) | |
tree | da6a50d1708921ab6a4a71fcf846c17c1dd7c079 /etc/nftables.conf | |
parent | a338648f1735977a801a15ada378ea334bec6517 (diff) |
nftables allow mullvad vpn port forwarding
Diffstat (limited to 'etc/nftables.conf')
-rw-r--r-- | etc/nftables.conf | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index b1d638b6..c0d0601d 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -18,13 +18,15 @@ table inet my_table {
 ct state invalid drop comment "early drop of invalid connections"
 ct state {established, related} accept comment "allow tracked connections"
 iifname lo accept comment "allow from loopback"
- ip protocol icmp accept comment "allow icmp"
- meta l4proto ipv6-icmp accept comment "allow icmp v6"
-
- #tcp dport ssh accept comment "allow sshd"
- #tcp dport searx accept comment "allow searx"
- tcp dport qrcp accept comment "allow qrcp"
- udp dport mdns accept comment "allow mdns"
+ ip protocol icmp accept
+ meta l4proto ipv6-icmp accept
+
+ #tcp dport ssh accept
+ #tcp dport searx accept
+ tcp dport qrcp accept
+ udp dport mdns accept
+ tcp dport mullvad-forward accept
+ udp dport mullvad-forward accept
 pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 counter comment "count any other traffic" |
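Review bot: The two new `mullvad-forward` accept rules match on destination port only, so the port is open on every interface (LAN, Wi-Fi, any other uplink) rather than only on the VPN tunnel where the forwarded traffic arrives. Scoping them to the tunnel keeps the exposure to what the forwarding needs, e.g. `iifname "<vpn-interface>" tcp dport mullvad-forward accept comment "mullvad forwarded port, tunnel only"` and the same for udp, keeping only the protocol the listening service actually uses. `mullvad-forward` is not a standard service name, so it is presumably resolved from a local services entry; if that entry is missing the ruleset fails to load, so it is worth validating the file with `nft -c -f` before applying it. The chain these rules belong to starts and ends outside the hunk, so its hook and default policy cannot be checked from here.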