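% Appendix chapter: the nftables ruleset loaded on the kiosks ("bornes").
% Comments inside the listing are plain ASCII so that `listings` typesets
% them without extra UTF-8 configuration.
\chapter{Script nftables pour les bornes}
\label{chap:nftables}

\begin{lstlisting}[caption={Fichier de définition des règles de pare-feu}]
#!/usr/sbin/nft -f

# Start from an empty ruleset so that reloading this file is idempotent.
flush ruleset

# NOTE(review): the inet family covers both IPv4 and IPv6. No ICMPv6 rule
# is present, so IPv6 neighbour discovery is dropped by the input chain.
# Fine if the kiosks are IPv4-only -- confirm.
table inet filter {
    chain input {
        type filter hook input priority 0;

        # Replies to connections the kiosk itself opened.
        ct state established,related accept

        # Remote administration.
        # NOTE(review): accepted from any source address; consider
        # limiting it to the management network.
        tcp dport ssh accept

        # Local inter-process traffic.
        iif lo accept

        # No "policy" is declared, so the base chain would default to
        # accept; this final rule makes the chain default-deny.
        drop
    }

    chain forward {
        type filter hook forward priority 0;

        # A kiosk is not a router: nothing is forwarded.
        drop
    }

    chain output {
        type filter hook output priority 0;

        ct state established,related accept

        # Loopback traffic leaving the host. The output hook has no input
        # interface for locally generated packets, so an "iif lo" match
        # never applies here; "oif" is the match that does.
        oif lo accept

        # Web browsing.
        tcp dport { http, https } accept

        # DNS over UDP only.
        # NOTE(review): TCP/53 (truncated answers) stays blocked -- confirm.
        udp dport 53 accept

        # Local print service (IPP, port 631). Already covered by the
        # loopback rule above; kept as an explicit record of the dependency.
        ip daddr 127.0.0.1 tcp dport 631 accept

        # Default-deny egress: any other outbound traffic is dropped.
        drop
    }
}
\end{lstlisting}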