\chapter{Script nftables pour les bornes}
\label{chap:nftables}

\begin{lstlisting}[caption={Fichier de définition des règles de pare-feu}]
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority 0;
		ct state established,related accept
		tcp dport ssh accept
		iif lo accept
		drop
    }
	chain forward {
		type filter hook forward priority 0;
		drop
	}
	chain output {
		type filter hook output priority 0;
		ct state established,related accept
		iif lo accept
		tcp dport { http, https } accept
		udp dport 53 accept
        ip daddr 127.0.0.1 tcp dport 631 accept
		drop
	}
}
\end{lstlisting}