Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
This commit is contained in:
parent
5dd7ea7a5d
commit
4beb9019de
|
|
@ -8,6 +8,7 @@
|
||||||
### Default Rules
|
### Default Rules
|
||||||
* Use more sets and vars definitions to avoid multiple rules.
|
* Use more sets and vars definitions to avoid multiple rules.
|
||||||
* Allow outgoing icmp.
|
* Allow outgoing icmp.
|
||||||
|
* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
|
||||||
|
|
||||||
## v1.0
|
## v1.0
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -79,8 +79,6 @@ nft_input_default_rules:
|
||||||
- ip daddr @blackhole counter drop
|
- ip daddr @blackhole counter drop
|
||||||
015 localhost:
|
015 localhost:
|
||||||
- iif lo accept
|
- iif lo accept
|
||||||
040 dhcp:
|
|
||||||
- udp sport bootps udp dport bootpc limit rate 6/minute accept
|
|
||||||
220 ssh:
|
220 ssh:
|
||||||
- tcp dport ssh ct state new counter accept
|
- tcp dport ssh ct state new counter accept
|
||||||
nft_input_group_rules: {}
|
nft_input_group_rules: {}
|
||||||
|
|
|
||||||
|
|
@ -34,8 +34,6 @@ nft_input_default_rules:
|
||||||
- ip daddr @blackhole counter drop
|
- ip daddr @blackhole counter drop
|
||||||
015 localhost:
|
015 localhost:
|
||||||
- iif lo accept
|
- iif lo accept
|
||||||
040 dhcp:
|
|
||||||
- udp sport bootps udp dport bootpc limit rate 6/minute accept
|
|
||||||
220 ssh:
|
220 ssh:
|
||||||
- tcp dport ssh ct state new counter accept
|
- tcp dport ssh ct state new counter accept
|
||||||
nft_input_group_rules: {}
|
nft_input_group_rules: {}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue