-rw-r--r-- | defaults | 1 | ||||
-rw-r--r-- | playbooks.d/fw-nftables/playbook.bash | 8 |
2 files changed, 9 insertions, 0 deletions
@@ -13,6 +13,7 @@ fw-nftables.input.icmp.ipv4.policy=accept
 fw-nftables.input.icmp.ipv4.rate=2/second
 fw-nftables.input.icmp.ipv6.policy=accept
 fw-nftables.input.icmp.ipv6.rate=2/second
+fw-nftables.input.interfaces.lo.policy=accept
 fw-nftables.input.policy=drop
 fw-nftables.input.rules.ssh.policy=accept
 fw-nftables.input.rules.ssh.port=22
diff --git a/playbooks.d/fw-nftables/playbook.bash b/playbooks.d/fw-nftables/playbook.bash
index 748c177..927e414 100644
--- a/playbooks.d/fw-nftables/playbook.bash
+++ b/playbooks.d/fw-nftables/playbook.bash
@@ -27,6 +27,14 @@ playbook_sync() { printf "\t\tct state invalid %s;\n" \ "$(config "$BASHTARD_PLAYBOOK.input.state.invalid.policy" "drop")" + # Add interface rules + printf "\n" + while read -r interface + do + info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for interface $interface" + printf "\t\tiifname %s %s;\n" "$interface" "$(config "$BASHTARD_PLAYBOOK.input.interfaces.$interface.policy")" + done < <(config_subkeys "$BASHTARD_PLAYBOOK.input.interfaces") + # Add ICMP rules info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for ICMP" printf "\n" |
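Review bot: The new `iifname` line inside the interface loop in playbook.bash reads `$BASHTARD_PLAYBOOK.input.interfaces.$interface.policy` with no fallback, so if `config` returns an empty string for an interface that is listed without a policy the generated statement becomes `iifname lo ;`, which nft will reject; the `ct state invalid` line just above passes an explicit `"drop"` default and this line should do the same, `printf "\t\tiifname %s %s;\n" "$interface" "$(config "$BASHTARD_PLAYBOOK.input.interfaces.$interface.policy" "drop")"`. Whether a ruleset that fails to parse leaves the previous rules in place or none at all depends on how playbook_sync applies the generated file, which is outside this hunk, so an explicit default is the cheaper way to keep the failure mode fail-closed. Because the policy string is spliced into the ruleset verbatim, checking it against `accept|drop|reject` before emitting it (and quoting the interface name, `iifname \"%s\"`) would also stop a typo in the config from turning into an unintended or malformed rule. playbook_sync() begins before line 27 and continues past the end of the hunk.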