|
 |
3730f4 |
# Sample configuration snippet for nftables service.
|
|
|
3730f4 |
# Meant to be included by main.nft, not for direct use.
|
|
|
3730f4 |
|
|
|
3730f4 |
# a common table for both IPv4 and IPv6
|
|
|
3730f4 |
table inet nftables_svc {
|
|
|
3730f4 |
|
|
|
3730f4 |
# base-chain for traffic forwarded by this host
|
|
|
3730f4 |
# re-uses 'allow' chain from main.nft
|
|
|
3730f4 |
chain FORWARD {
|
|
|
3730f4 |
type filter hook forward priority filter + 20
|
|
|
3730f4 |
policy accept
|
|
|
3730f4 |
|
|
|
3730f4 |
jump allow
|
|
|
3730f4 |
reject with icmpx type host-unreachable
|
|
|
3730f4 |
}
|
|
|
3730f4 |
}
|