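#!/sbin/nft -f
#
# Host firewall: default-deny on input and output, stateful (conntrack-based)
# so that replies are matched by connection state instead of by port number.
#
# Loaded with `nft -f`, the flush and the new ruleset are applied atomically,
# so there is no window where the ruleset is empty or where the drop policy
# is active without its accept rules.

# Discard any existing ruleset
flush ruleset

# Main table; the inet family covers both IPv4 and IPv6
add table inet filter

# Filtering chains (INBOUND = input hook, OUTBOUND = output hook), default drop
add chain inet filter INBOUND_TRAFFIC { type filter hook input priority 0; policy drop; }
add chain inet filter OUTBOUND_TRAFFIC { type filter hook output priority 0; policy drop; }

# Loopback: local services (resolver, monitoring, ...) talk to themselves over lo;
# with a drop policy on both chains that traffic is lost unless accepted here
add rule inet filter INBOUND_TRAFFIC iifname "lo" accept
add rule inet filter OUTBOUND_TRAFFIC oifname "lo" accept

# Connection tracking: accept packets belonging to a connection already accepted
# by a rule below, drop packets conntrack cannot associate with any connection.
# This replaces the stateless source-port matches (e.g. "udp sport 53 accept")
# that let any unsolicited packet in as long as it used a given source port,
# and it also covers the replies of the web server that the old ruleset dropped
# (outbound traffic with sport 80/443 was never accepted).
add rule inet filter INBOUND_TRAFFIC ct state invalid drop
add rule inet filter INBOUND_TRAFFIC ct state established,related accept
add rule inet filter OUTBOUND_TRAFFIC ct state invalid drop
add rule inet filter OUTBOUND_TRAFFIC ct state established,related accept

# SSH on port 61234 (inbound; the replies are covered by the ct state rules)
add rule inet filter INBOUND_TRAFFIC tcp dport 61234 accept

# Web (HTTP + HTTPS): served by this host and reachable from this host;
# the return traffic in both directions is handled by the ct state rules
add rule inet filter INBOUND_TRAFFIC tcp dport { 80, 443 } accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport { 80, 443 } accept

# DNS: outbound queries only; the answers come back as established
add rule inet filter OUTBOUND_TRAFFIC udp dport 53 accept
add rule inet filter OUTBOUND_TRAFFIC tcp dport 53 accept

# ICMP and ICMPv6 (ping, path MTU discovery, IPv6 neighbour discovery).
# "icmp" matches IPv4 ICMP only; in an inet table ICMPv6 has to be matched
# as well, otherwise neighbour discovery is dropped and IPv6 stops working.
add rule inet filter INBOUND_TRAFFIC meta l4proto { icmp, ipv6-icmp } accept
add rule inet filter OUTBOUND_TRAFFIC meta l4proto { icmp, ipv6-icmp } accept

# Everything else is dropped. The chain policy already does this; the explicit
# counter rules make the number of dropped packets visible in `nft list ruleset`.
add rule inet filter INBOUND_TRAFFIC counter drop
add rule inet filter OUTBOUND_TRAFFIC counter drop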