From 948a3aeeb255fe141e6cadfab8024ea39424fead Mon Sep 17 00:00:00 2001
From: Tristan PILAT <tpilat@evolix.fr>
Date: Wed, 14 Oct 2020 17:18:03 +0200
Subject: [PATCH] We want to drop traffic coming to protected TCP/UDP ports

---
 minifirewall-start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/minifirewall-start.sh b/minifirewall-start.sh
index 43204eb..7cbb559 100755
--- a/minifirewall-start.sh
+++ b/minifirewall-start.sh
@@ -189,13 +189,13 @@ for x in $SERVICESUDP3
 # Feed protected_tcp_ports chain with protected TCP ports
 for x in $SERVICESTCP1p
     do
-        $NFT add rule inet minifirewall protected_tcp_ports tcp dport $x accept
+        $NFT add rule inet minifirewall protected_tcp_ports tcp dport $x drop
     done
 
 # Feed protected_udp_ports chain with protected UDP ports
 for x in $SERVICESUDP1p
     do
-        $NFT add rule inet minifirewall protected_udp_ports udp dport $x accept
+        $NFT add rule inet minifirewall protected_udp_ports udp dport $x drop
     done
 
 #