On 9/24/23 02:52, David C. Rankin wrote:
On 9/23/23 12:51, Christian wrote:
In addition to the workstation (single interface) nftables example, I have just uploaded an example of nftables firewall rules. i.e. for a router with 2 interfaces that sits between the internet and internal network.

This supports services provided by firewall itself (DNS or ssh etc) as well as forwarded services to servers on internal network (web server, ssh, vpn etc). It has blocks and whitelist - and includes both inet and netdev blocks.

I hand edited a fully working firewall for this example and hope it's useful. After edits, before trying please confirm no typos etc by running check:

nft -c nftables.conf

The nftables rules and sample files containing sets of CIDR blocks for whitelist or blocks are included. Obviously these will need editing. The set files are designed to be easily generated from a script - after any changes to the sets, reload the rules to pick up the new set data.

It's available in my gh blog area in the nftables/firewall directory:

https://github.com/gene-git/blog/tree/master/nftables

Hope you find this helpful. And if you find typos or boo boos please let me know!

thanks
gene
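A compact sketch of the layout the post describes (two-interface router, netdev and inet tables, whitelist and block sets pulled in from script-generated files), added here as an example; it is not the configuration from the linked repository. The interface names, the web server address and the set-file paths are assumptions, and the set files are assumed to contain a single `define` line each, as shown in the comments.

```nft
#!/usr/sbin/nft -f
# Added example (not the config from the linked repository).
# Interface names, addresses and file paths are assumptions.
flush ruleset
define wan = "eth0"                # faces the internet
define lan = "eth1"                # internal network
define web_srv = 192.168.10.20     # forwarded web server on the LAN
# Script-generated set files, each holding one line such as:
#   define block_v4 = { 203.0.113.0/24, 198.51.100.0/24 }
#   define allow_v4 = { 192.0.2.0/24 }
include "/etc/nftables.d/block_v4.nft"
include "/etc/nftables.d/allow_v4.nft"
# netdev: drop blocked CIDRs at ingress, before conntrack sees them
table netdev early {
    set block { type ipv4_addr; flags interval; elements = $block_v4 }
    chain ingress {
        type filter hook ingress device $wan priority -500; policy accept;
        ip saddr @block counter drop
    }
}
table inet filter {
    set allow { type ipv4_addr; flags interval; elements = $allow_v4 }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname lo accept
        iifname $lan udp dport 53 accept                  # DNS served by the firewall
        iifname $lan tcp dport 22 accept                  # ssh from the LAN
        iifname $wan ip saddr @allow tcp dport 22 accept  # ssh from the whitelist only
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname $lan oifname $wan accept                  # LAN out to the internet
        iifname $wan oifname $lan ip daddr $web_srv tcp dport { 80, 443 } accept
    }
}
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname $wan tcp dport { 80, 443 } dnat to $web_srv
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $wan masquerade
    }
}
```

Because the sets are filled from the included files, regenerating a set file and re-running `nft -f` on this config is all that is needed to pick up new CIDR data; `nft -c` on it first catches a malformed set file before anything is loaded.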