Untitled
```nft
#!/sbin/nft -f

# Flush the existing rules
flush ruleset

# Create the main table (the inet family covers both IPv4 and IPv6)
add table inet filter

# Create the filter chains (INBOUND = input hook, OUTBOUND = output hook), default policy drop
add chain inet filter INBOUND_TRAFFIC { type filter hook input priority 0; policy drop; }
add chain inet filter OUTBOUND_TRAFFIC { type filter hook output priority 0; policy drop; }

# Allow loopback traffic (local services break under a drop policy without this)
add rule inet filter INBOUND_TRAFFIC iif lo accept
add rule inet filter OUTBOUND_TRAFFIC oif lo accept

# Allow SSH on port 61234 (inbound connections + their outbound replies)
add rule inet filter INBOUND_TRAFFIC tcp dport 61234 accept
add rule inet filter OUTBOUND_TRAFFIC tcp sport 61234 accept

# Allow web traffic (HTTP + HTTPS) served by this host (inbound requests + outbound replies).
# Replies leave from source port 80/443, so the outbound rule matches on sport, not dport.
add rule inet filter INBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC tcp sport { 80, 443 } accept

# Allow web traffic initiated by this host (outbound requests + inbound replies).
# Matching replies on source port is stateless; "ct state established,related accept"
# at the top of each chain is the stateful alternative.
add rule inet filter OUTBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter INBOUND_TRAFFIC tcp sport { 80, 443 } accept

# Allow DNS (outbound queries and inbound replies)
add rule inet filter OUTBOUND_TRAFFIC udp dport 53 accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport 53 accept
add rule inet filter INBOUND_TRAFFIC udp sport 53 accept
add rule inet filter INBOUND_TRAFFIC tcp sport 53 accept

# Allow ICMP (ping); ipv6-icmp is also required for IPv6 neighbour discovery to work
add rule inet filter INBOUND_TRAFFIC meta l4proto { icmp, ipv6-icmp } accept
add rule inet filter OUTBOUND_TRAFFIC meta l4proto { icmp, ipv6-icmp } accept

# Drop everything else (explicit; the chain policy already does this)
add rule inet filter INBOUND_TRAFFIC drop
add rule inet filter OUTBOUND_TRAFFIC drop
```
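A stateless ruleset like this one only works if every flow has a rule for each direction. The following added example (not part of the original page) is a small first-match evaluator for the rule subset used here; it traces a request and its reply through the INBOUND_TRAFFIC and OUTBOUND_TRAFFIC chains and shows how a missing return-path rule silently drops the replies of a served HTTPS connection. The excerpt of rules and the packets are constructed; chain names and ports are the page's own.

```python
"""Added example (not from the original page): a first-match evaluator for the nft rule
subset this ruleset uses, tracing a request and its reply through the two chains."""
import re
# Constructed excerpt of the page's rules (same chain names and ports as the ruleset).
RULESET = """
add rule inet filter INBOUND_TRAFFIC tcp dport 61234 accept
add rule inet filter OUTBOUND_TRAFFIC tcp sport 61234 accept
add rule inet filter INBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC udp dport 53 accept
add rule inet filter INBOUND_TRAFFIC udp sport 53 accept
"""
RULE_RE = re.compile(r"add rule inet filter (\S+)\s+(.*?)\s*(accept|drop)$")
PORT_RE = re.compile(r"(tcp|udp)\s+(sport|dport)\s+(\{[^}]*\}|\d+)")

def parse_rule(line):
    """'add rule inet filter CHAIN <matches> <verdict>' -> (chain, match dict, verdict)."""
    chain, body, action = RULE_RE.match(line.strip()).groups()
    match = {}
    for proto, field, ports in PORT_RE.findall(body):
        match["proto"] = proto
        match[field] = {int(p) for p in re.findall(r"\d+", ports)}  # '{ 80, 443 }' -> {80, 443}
    return chain, match, action

def load(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def verdict(rules, chain, pkt, policy="drop"):
    """First rule in `chain` whose matches all hold decides; otherwise the chain policy."""
    for ch, m, action in rules:
        if ch == chain and m.get("proto", pkt["proto"]) == pkt["proto"] \
                and all(pkt.get(f) in m[f] for f in ("sport", "dport") if f in m):
            return action
    return policy

def trace_flow(rules, in_pkt, out_pkt):
    """Verdicts for a packet arriving on the input hook and its reply leaving on output."""
    return verdict(rules, "INBOUND_TRAFFIC", in_pkt), verdict(rules, "OUTBOUND_TRAFFIC", out_pkt)

if __name__ == "__main__":
    rules = load(RULESET)
    req = {"proto": "tcp", "sport": 50000, "dport": 443}
    reply = {"proto": "tcp", "sport": 443, "dport": 50000}
    # HTTPS served by this host: the request is accepted, but the reply (sport 443) matches
    # no OUTBOUND rule and the chain policy drops it. A stateless filter needs an explicit
    # return-path rule (or a 'ct state established,related accept' rule in both chains).
    print("original:", trace_flow(rules, req, reply))  # ('accept', 'drop')
    fixed = rules + load("add rule inet filter OUTBOUND_TRAFFIC tcp sport { 80, 443 } accept")
    print("fixed:   ", trace_flow(fixed, req, reply))  # ('accept', 'accept')
```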