
Add per host output autorisation capability

nftables
Tristan Pilat 6 months ago
parent
commit
a432511b04
  1. 11
      minifirewall-start.sh
  2. 3
      minifirewall.conf

11
minifirewall-start.sh

@ -380,6 +380,17 @@ then
fi
fi
# If specified, we add per host output autorisation
if [ -n $OUTPUTOK ]
then
for item in $(echo $OUTPUTOK)
do
ip=$(echo $item | awk -F'!' '{print $1}')
port=$(echo $item | awk -F'!' '{print $2}')
$NFT add rule inet minifirewall minifirewall_output ip daddr $ip tcp dport $port counter accept
done
fi
# Related and established traffic is accepted
$NFT add rule inet minifirewall minifirewall_output ct state established,related accept
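Review bot: The guard `if [ -n $OUTPUTOK ]` leaves the expansion unquoted, so with the documented multi-entry value (`'203.0.113.1!42 203.0.113.2!43'`) the test becomes `[ -n 203.0.113.1!42 203.0.113.2!43 ]`, fails with "too many arguments", and no per-host rule is ever added; it should read `if [ -n "$OUTPUTOK" ]`. Inside the loop `$ip` and `$port` are passed straight to `$NFT` without checking that the `!` split produced two fields, so a malformed entry such as `203.0.113.1` yields a rule with an empty `dport` and a failed nft call that the script does not notice; a one-line guard before the nft call, `[ -n "$ip" ] && [ -n "$port" ] || continue`, would skip such entries (the `$(echo $item)` subshells can also become `${item%%!*}` / `${item#*!}`). Note too that the rule is `ip daddr ... tcp dport`, so IPv6 destinations and non-TCP ports in OUTPUTOK are silently unmatched; the comment on the `if` should say so. The enclosing script continues outside this hunk.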

3
minifirewall.conf

@ -75,3 +75,6 @@ SMTPSECUREOK=''
# NTP authorizations
NTPOK='0.0.0.0/0'
# Per host output autorisations (IP!Port)
# OUTPUTOK='203.0.113.1!42 203.0.113.2!43'
OUTPUTOK=''
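Review bot: The comment above `OUTPUTOK=''` documents only the `IP!Port` syntax, while the matching rule in minifirewall-start.sh (same commit) is `ip daddr ... tcp dport`, so only IPv4 destinations and TCP ports take effect; an entry with an IPv6 address or intended for UDP is accepted here but never matches. Suggest extending the comment to `# Per host output authorizations, IPv4 and TCP only, space-separated (IP!Port)` so operators do not expect broader coverage from this setting.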