[arch-commits] Commit in nftables/trunk (PKGBUILD nftables.conf)

Sébastien Luttringer seblu at archlinux.org
Mon Jul 5 17:15:57 UTC 2021


    Date: Monday, July 5, 2021 @ 17:15:57
  Author: seblu
Revision: 418948

upgpkg: nftables 1:0.9.9-3

- fix FS#71444

Modified:
  nftables/trunk/PKGBUILD
  nftables/trunk/nftables.conf

---------------+
 PKGBUILD      |    4 ++--
 nftables.conf |    9 +++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-07-05 12:48:05 UTC (rev 418947)
+++ PKGBUILD	2021-07-05 17:15:57 UTC (rev 418948)
@@ -3,7 +3,7 @@
 pkgname=nftables
 epoch=1
 pkgver=0.9.9
-pkgrel=2
+pkgrel=3
 pkgdesc='Netfilter tables userspace tools'
 arch=('x86_64')
 url='https://netfilter.org/projects/nftables/'
@@ -19,7 +19,7 @@
 install=nftables.install
 sha256sums=('76ef2dc7fd0d79031a8369487739a217ca83996b3a746cec5bda79da11e3f1b4'
             'SKIP'
-            '9a387cf2b467cc8c552301bd3da22e7a8a966c2c5bd04e90571c771fca9ffe3e'
+            '4f69a19bde72e15205eaf661e01bcd6ca3e78901c591947c271efd40b0f0138c'
             'deffeef36fe658867dd9203ec13dec85047a6d224ea63334dcf60db97e1809ea')
 
 prepare() {

Modified: nftables.conf
===================================================================
--- nftables.conf	2021-07-05 12:48:05 UTC (rev 418947)
+++ nftables.conf	2021-07-05 17:15:57 UTC (rev 418948)
@@ -1,5 +1,5 @@
 #!/usr/bin/nft -f
-#vim:set ts=2 sw=2 et:
+# vim:set ts=2 sw=2 et:
 
 # IPv4/IPv6 Simple & Safe firewall ruleset.
 # More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
@@ -8,7 +8,8 @@
 delete table inet filter
 table inet filter {
   chain input {
-    type filter hook input priority 0;
+    type filter hook input priority filter
+    policy drop
 
     # allow established/related connections
     ct state {established, related} accept
@@ -27,13 +28,13 @@
     tcp dport ssh accept
 
     # everything else
-    reject with icmpx type port-unreachable
+    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 
     # count dropped
     counter
   }
   chain forward {
-    type filter hook forward priority 0;
+    type filter hook forward priority filter
     policy drop
   }
 }
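Review bot: The `# everything else` comment above the new reject rule no longer describes it, because the rule now matches only `pkttype host` traffic and only up to `limit rate 5/second`. Broadcast and multicast packets, and anything over the limit, fall through to the bare `counter` and are then silently dropped by the `policy drop` this commit adds at the top of the input chain. That looks intentional, since it bounds how many ICMP errors the host emits under a scan or flood, but it should be stated in the file; I would reword the comment to `# reject unicast traffic to this host (rate-limited); the rest is counted and dropped by policy`. It is also worth noting in the comment that the rule's own `counter` counts rejects while the trailing one counts drops, since those two values are what an operator would monitor for unsolicited inbound traffic.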



