Details |
Last modification |
View Log
| RSS feed
| Rev |
Author |
Line No. |
Line |
| 192 |
- |
1 |
# Sample configuration snippet for nftables service.
|
|
|
2 |
# Meant to be included by main.nft, not for direct use.
|
|
|
3 |
|
|
|
4 |
# a common table for both IPv4 and IPv6
|
|
|
5 |
table inet nftables_svc {
|
|
|
6 |
|
|
|
7 |
# base-chain for traffic forwarded by this host
|
|
|
8 |
# re-uses 'allow' chain from main.nft
|
|
|
9 |
chain FORWARD {
|
|
|
10 |
type filter hook forward priority filter + 20
|
|
|
11 |
policy accept
|
|
|
12 |
|
|
|
13 |
jump allow
|
|
|
14 |
reject with icmpx type host-unreachable
|
|
|
15 |
}
|
|
|
16 |
}
|