Untitled
a year ago
#!/sbin/nft -f
# Flush the existing rules
flush ruleset
# Create the main table (the inet family covers IPv4 and IPv6 in one table)
add table inet filter
# Create the filter chains (INBOUND = input hook, OUTBOUND = output hook); both default to drop
add chain inet filter INBOUND_TRAFFIC { type filter hook input priority 0; policy drop; }
add chain inet filter OUTBOUND_TRAFFIC { type filter hook output priority 0; policy drop; }
# Loopback: local services (stub resolvers, sockets on 127.0.0.1 / ::1) need this
add rule inet filter INBOUND_TRAFFIC iif lo accept
add rule inet filter OUTBOUND_TRAFFIC oif lo accept
# Connection tracking: accept replies to the connections allowed below, drop invalid packets.
# This replaces matching on source ports (sport 53, sport 61234), which a remote sender can set freely.
add rule inet filter INBOUND_TRAFFIC ct state established,related accept
add rule inet filter OUTBOUND_TRAFFIC ct state established,related accept
add rule inet filter INBOUND_TRAFFIC ct state invalid drop
# Allow inbound SSH on port 61234 (the replies leave via the established rule above)
add rule inet filter INBOUND_TRAFFIC tcp dport 61234 accept
# Allow web traffic (HTTP + HTTPS): inbound to this host and outbound from it
add rule inet filter INBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport { 80, 443 } accept
# Allow outbound DNS (the answers come back via the established rule)
add rule inet filter OUTBOUND_TRAFFIC udp dport 53 accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport 53 accept
# Allow ICMP (ping) and ICMPv6 (required for IPv6 neighbour discovery and path MTU discovery)
add rule inet filter INBOUND_TRAFFIC meta l4proto { icmp, icmpv6 } accept
add rule inet filter OUTBOUND_TRAFFIC meta l4proto { icmp, icmpv6 } accept
# Everything else is dropped by the chain policy; log inbound drops (rate limited) and count them
add rule inet filter INBOUND_TRAFFIC limit rate 5/second log prefix "nft-drop-in: "
add rule inet filter INBOUND_TRAFFIC counter drop
add rule inet filter OUTBOUND_TRAFFIC counter drop
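Added here as an illustration, not part of the original paste: a small Python checker that reads an nft script written in the one-rule-per-line "add chain ... / add rule ..." form used above and flags the patterns that make a stateless ruleset fragile. It reports a drop policy with no "ct state established,related accept" (replies to otherwise-allowed connections are dropped, so outbound web and inbound web serving both fail), a missing loopback accept, inbound accepts keyed on the remote source port (any sender can pick source port 53 or 61234 to get through), ICMPv4 accepted without ICMPv6 in the inet family, and a trailing "drop" that duplicates the chain policy. It runs against an embedded copy of the paste's original rules and against a constructed stateful rewrite of the same policy. The regexes, finding texts and the second ruleset are the example's own; the checker does not understand the nested "table inet filter { ... }" syntax.

```python
import re

# Constructed sample input: a copy of the paste's original stateless ruleset,
# embedded so the checker runs offline. Any nft script written in the
# "add chain ... / add rule ..." form can be passed to lint() instead.
ORIGINAL_RULESET = """\
flush ruleset
add table inet filter
add chain inet filter INBOUND_TRAFFIC { type filter hook input priority 0; policy drop; }
add chain inet filter OUTBOUND_TRAFFIC { type filter hook output priority 0; policy drop; }
add rule inet filter INBOUND_TRAFFIC tcp dport 61234 accept
add rule inet filter OUTBOUND_TRAFFIC tcp sport 61234 accept
add rule inet filter INBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC udp dport 53 accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport 53 accept
add rule inet filter INBOUND_TRAFFIC udp sport 53 accept
add rule inet filter INBOUND_TRAFFIC tcp sport 53 accept
add rule inet filter INBOUND_TRAFFIC icmp accept
add rule inet filter OUTBOUND_TRAFFIC icmp accept
add rule inet filter INBOUND_TRAFFIC drop
add rule inet filter OUTBOUND_TRAFFIC drop
"""

# Constructed stateful variant of the same policy (loopback, conntrack, ICMPv6):
# the checker should stay quiet on it.
STATEFUL_RULESET = """\
add table inet filter
add chain inet filter INBOUND_TRAFFIC { type filter hook input priority 0; policy drop; }
add chain inet filter OUTBOUND_TRAFFIC { type filter hook output priority 0; policy drop; }
add rule inet filter INBOUND_TRAFFIC iif lo accept
add rule inet filter OUTBOUND_TRAFFIC oif lo accept
add rule inet filter INBOUND_TRAFFIC ct state established,related accept
add rule inet filter OUTBOUND_TRAFFIC ct state established,related accept
add rule inet filter INBOUND_TRAFFIC ct state invalid drop
add rule inet filter INBOUND_TRAFFIC tcp dport { 61234, 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC meta l4proto { tcp, udp } th dport 53 accept
add rule inet filter INBOUND_TRAFFIC meta l4proto { icmp, icmpv6 } accept
add rule inet filter OUTBOUND_TRAFFIC meta l4proto { icmp, icmpv6 } accept
"""

CHAIN_RE = re.compile(r"^add chain \S+ \S+ (\S+) \{\s*type filter hook (\w+) .*?policy (\w+)")
RULE_RE = re.compile(r"^add rule \S+ \S+ (\S+) (.+)$")


def parse(script):
    """Group rule expressions by chain name, keeping each chain's hook and policy."""
    chains = {}
    for raw in script.splitlines():
        line = raw.strip()
        m = CHAIN_RE.match(line)
        if m:
            name, hook, policy = m.groups()
            chains[name] = {"hook": hook, "policy": policy, "rules": []}
            continue
        m = RULE_RE.match(line)
        if m:
            name, expr = m.groups()
            chains.setdefault(name, {"hook": None, "policy": None, "rules": []})
            chains[name]["rules"].append(expr)
    return chains


def lint(script):
    """Return findings about reply handling and matches a remote sender can satisfy at will."""
    findings = []
    for name, chain in parse(script).items():
        rules = chain["rules"]
        has_ct = any(re.search(r"ct state .*established", r) for r in rules)
        lo_match = "iif" if chain["hook"] == "input" else "oif"
        if chain["policy"] == "drop" and not has_ct:
            findings.append(f"{name}: policy drop without 'ct state established,related accept'; "
                            "replies to otherwise-allowed connections are dropped")
        if chain["hook"] in ("input", "output") and not any(
                re.search(rf"\b{lo_match} lo\b", r) for r in rules):
            findings.append(f"{name}: no loopback accept ('{lo_match} lo accept'); local services break")
        if chain["hook"] == "input" and not has_ct:
            for r in rules:
                # Without conntrack, an inbound accept keyed on sport is a bypass:
                # the sender chooses its own source port.
                if re.search(r"\bsport\b", r) and r.endswith("accept"):
                    findings.append(f"{name}: '{r}' trusts the remote source port, "
                                    "which any sender can choose freely")
        if any(re.search(r"\bicmp\b", r) for r in rules) and not any("icmpv6" in r for r in rules):
            findings.append(f"{name}: ICMPv4 accepted but ICMPv6 is not; in the inet family "
                            "this breaks IPv6 neighbour discovery")
        if rules and rules[-1] == "drop" and chain["policy"] == "drop":
            findings.append(f"{name}: trailing 'drop' rule is redundant with the chain policy")
    return findings


if __name__ == "__main__":
    for finding in lint(ORIGINAL_RULESET):
        print(finding)
    print("stateful ruleset findings:", lint(STATEFUL_RULESET))
```

Run it as a script and the original ruleset yields ten findings (six on INBOUND_TRAFFIC, four on OUTBOUND_TRAFFIC), while the stateful variant yields none. The checker is deliberately textual; after fixing a ruleset, the authoritative check is still "nft -c -f file.nft" for syntax and a test connection from another host for behaviour.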