From 7ff48bb4ecd069b9e1e6d5afeb60dcb38435e474 Mon Sep 17 00:00:00 2001
From: xyz <gky44px1999@gmail.com>
Date: Sun, 30 Jan 2022 21:43:42 -0800
Subject: nftables.conf, allow qrcp, drop ssh and searx, based on services and
 config files

---
 etc/nftables.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


diff --git a/etc/nftables.conf b/etc/nftables.conf
index aa2b53f1..b1d638b6 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -5,6 +5,7 @@
 
 # some codes from https://wiki.archlinux.org/title/Nftables
 
+# needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf`
 table inet my_table
 delete table inet my_table
 
@@ -19,7 +20,12 @@ table inet my_table {
 		iifname lo accept comment "allow from loopback"
 		ip protocol icmp accept comment "allow icmp"
 		meta l4proto ipv6-icmp accept comment "allow icmp v6"
-		tcp dport ssh accept comment "allow sshd"
+
+		#tcp dport ssh accept comment "allow sshd"
+		#tcp dport searx accept comment "allow searx"
+		tcp dport qrcp accept comment "allow qrcp"
+		udp dport mdns accept comment "allow mdns"
+
 		pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 		counter comment "count any other traffic"
 	}
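Review bot: `tcp dport qrcp` on the added line, and the commented `tcp dport searx` beside it, use service names that are not in a stock /etc/services, so the ruleset only parses on a host whose /etc/services carries those entries; if that file is reset or the config is copied to another machine, `nft -f` rejects the whole file and the nftables unit will likely come up with no ruleset at all. Pinning the numeric port and keeping the name in the comment, e.g. `tcp dport <QRCP_PORT> accept comment "allow qrcp"` with <QRCP_PORT> taken from the qrcp config the commit title refers to, removes that dependency. Since qrcp is a LAN file-transfer service, a source restriction such as `ip saddr <LAN_CIDR> tcp dport <QRCP_PORT> accept` keeps the port from being reachable on every interface; the same applies to `udp dport mdns`, which could be limited to the mDNS multicast destinations (`224.0.0.251` / `ff02::fb`). The enclosing input chain, including its policy, starts outside the hunk.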