From 1e1a9e9a73daf23b87f3de49347b494ce0534ef0 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Tue, 27 Feb 2024 09:21:04 +0100
Subject: Add playbook for managing nftables
---
defaults | 11 +++++++++++
1 file changed, 11 insertions(+)
(limited to 'defaults')
diff --git a/defaults b/defaults
index db56c11..15203d5 100644
--- a/defaults
+++ b/defaults
@@ -9,6 +9,17 @@ dns.upstream.3=2a03:94e0:1804::1
dns.upstream.4=2001:470:71:6dc::53
etc-nixos.path=/etc/nixos
etc-portage.path=/etc/portage
+fw-nftables.input.icmp.ipv4.policy=accept
+fw-nftables.input.icmp.ipv4.rate=2/second
+fw-nftables.input.icmp.ipv6.policy=accept
+fw-nftables.input.icmp.ipv6.rate=2/second
+fw-nftables.input.policy=drop
+fw-nftables.input.rules.ssh.policy=accept
+fw-nftables.input.rules.ssh.port=22
+fw-nftables.input.rules.ssh.proto=tcp
+fw-nftables.input.state.established.policy=accept
+fw-nftables.input.state.invalid.policy=drop
+fw-nftables.input.state.related.policy=accept
k3s-master.cluster-domain=k3s.tyil.nl
k3s-master.helm.apps.certmanager.chart=jetstack/cert-manager
k3s-master.helm.apps.certmanager.namespace=base-system
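Review bot: The `fw-nftables.input.icmp.ipv6.rate=2/second` default is risky if the playbook applies it to every ICMPv6 type. Neighbour discovery and router advertisements are ICMPv6, and packets over the limit would presumably fall through to `fw-nftables.input.policy=drop`, which can stall IPv6 connectivity on a busy segment. The template that consumes these keys is not part of this hunk, so this is inferred. If it holds, have the ruleset place `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept` ahead of the limit and rate-limit only `echo-request`. Also confirm that the generated input chain accepts loopback traffic (`iif lo accept`) unconditionally, since no default here covers it and the chain policy is drop.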
--
cgit v1.1