Add playbook for managing nftables

author: Patrick Spek <p.spek@tyil.nl> 2024-02-27 09:21:04 +0100
committer: Patrick Spek <p.spek@tyil.nl> 2024-02-27 09:21:04 +0100
commit: 1e1a9e9a73daf23b87f3de49347b494ce0534ef0 (patch)
tree: 5d346a4d91f8cf985387a39a2400e2c264021023 /defaults
parent: 2267deb50774f0f4ebc95887a3abfea9e3dac37a (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/defaults b/defaults
index db56c11..15203d5 100644
--- a/defaults
+++ b/defaults
@@ -9,6 +9,17 @@ dns.upstream.3=2a03:94e0:1804::1
 dns.upstream.4=2001:470:71:6dc::53
 etc-nixos.path=/etc/nixos
 etc-portage.path=/etc/portage
+fw-nftables.input.icmp.ipv4.policy=accept
+fw-nftables.input.icmp.ipv4.rate=2/second
+fw-nftables.input.icmp.ipv6.policy=accept
+fw-nftables.input.icmp.ipv6.rate=2/second
+fw-nftables.input.policy=drop
+fw-nftables.input.rules.ssh.policy=accept
+fw-nftables.input.rules.ssh.port=22
+fw-nftables.input.rules.ssh.proto=tcp
+fw-nftables.input.state.established.policy=accept
+fw-nftables.input.state.invalid.policy=drop
+fw-nftables.input.state.related.policy=accept
 k3s-master.cluster-domain=k3s.tyil.nl
 k3s-master.helm.apps.certmanager.chart=jetstack/cert-manager
 k3s-master.helm.apps.certmanager.namespace=base-system
author	Patrick Spek <p.spek@tyil.nl>	2024-02-27 09:21:04 +0100
committer	Patrick Spek <p.spek@tyil.nl>	2024-02-27 09:21:04 +0100
commit	1e1a9e9a73daf23b87f3de49347b494ce0534ef0 (patch)
tree	5d346a4d91f8cf985387a39a2400e2c264021023 /defaults
parent	2267deb50774f0f4ebc95887a3abfea9e3dac37a (diff)