17 lines
407 B
Plaintext
17 lines
407 B
Plaintext
# Sample configuration snippet for nftables service.
|
|
# Meant to be included by main.nft, not for direct use.
|
|
|
|
# a common table for both IPv4 and IPv6
|
|
table inet nftables_svc {
|
|
|
|
# base-chain for traffic forwarded by this host
|
|
# re-uses 'allow' chain from main.nft
|
|
chain FORWARD {
|
|
type filter hook forward priority filter + 20
|
|
policy accept
|
|
|
|
jump allow
|
|
reject with icmpx type host-unreachable
|
|
}
|
|
}
|