|
 |
168a1c |
# Sample configuration snippet for nftables service.
|
|
|
168a1c |
# Meant to be included by main.nft, not for direct use.
|
|
|
168a1c |
|
|
|
168a1c |
# a common table for both IPv4 and IPv6
|
|
|
168a1c |
table inet nftables_svc {
|
|
|
168a1c |
|
|
|
168a1c |
# base-chain for traffic forwarded by this host
|
|
|
168a1c |
# re-uses 'allow' chain from main.nft
|
|
|
168a1c |
chain FORWARD {
|
|
|
168a1c |
type filter hook forward priority filter + 20
|
|
|
168a1c |
policy accept
|
|
|
168a1c |
|
|
|
168a1c |
jump allow
|
|
|
168a1c |
reject with icmpx type host-unreachable
|
|
|
168a1c |
}
|
|
|
168a1c |
}
|