From 2ea91aafb274eb2c9fc5e05567ede592f3fd12c8 Mon Sep 17 00:00:00 2001
From: xyz
Date: Sun, 30 Jan 2022 14:43:01 -0800
Subject: add nftables.conf original

---
 etc/nftables.conf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 etc/nftables.conf

diff --git a/etc/nftables.conf b/etc/nftables.conf
new file mode 100644
index 00000000..fe835b30
--- /dev/null
+++ b/etc/nftables.conf
@@ -0,0 +1,27 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+# IPv4/IPv6 Simple & Safe firewall ruleset.
+# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
+
+table inet filter
+delete table inet filter
+table inet filter {
+  chain input {
+    type filter hook input priority filter
+    policy drop
+
+    ct state invalid drop comment "early drop of invalid connections"
+    ct state {established, related} accept comment "allow tracked connections"
+    iifname lo accept comment "allow from loopback"
+    ip protocol icmp accept comment "allow icmp"
+    meta l4proto ipv6-icmp accept comment "allow icmp v6"
+    tcp dport ssh accept comment "allow sshd"
+    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+    counter
+  }
+  chain forward {
+    type filter hook forward priority filter
+    policy drop
+  }
+}
-- cgit v1.2.3-70-g09d2
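Review bot: The `tcp dport ssh accept comment "allow sshd"` rule in chain input accepts new SSH connections from any IPv4/IPv6 source with no rate limit, so brute-force protection rests entirely on sshd while every other unsolicited packet is rate-limited and rejected two lines below. Since this is a fresh file that already uses `limit rate` for the reject rule, a matching throttle on new SSH sessions costs one line, e.g. `tcp dport ssh ct state new limit rate 15/minute accept comment "allow sshd, throttled"`; excess connection attempts then fall through to the existing reject/drop. If SSH is only ever reached from known networks, a `ip saddr { ... }` or `iifname` qualifier on that same rule would narrow it further, though the commit does not show what the host's role is. The `ip protocol icmp accept` line likewise admits every ICMP type; limiting it to `icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem }` is worth considering, whereas the ICMPv6 accept should stay broad because neighbour discovery depends on it.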