Set's name can't exceed 15 characters !
parent
38e1d0dabc
commit
ead7a337a0
|
@ -1,4 +1,9 @@
|
||||||
|
|
||||||
|
## v1.2.2
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
* Set's name can't exceed 15 characters !
|
||||||
|
|
||||||
## v1.2.1
|
## v1.2.1
|
||||||
|
|
||||||
### Features
|
### Features
|
||||||
|
|
42
README.md
42
README.md
|
@ -85,9 +85,9 @@ nft_input_default_rules:
|
||||||
015 localhost:
|
015 localhost:
|
||||||
- iif lo accept
|
- iif lo accept
|
||||||
200 input udp accepted:
|
200 input udp accepted:
|
||||||
- udp dport @input_udp_accept ct state new accept
|
- udp dport @in_udp_accept ct state new accept
|
||||||
210 input tcp accepted:
|
210 input tcp accepted:
|
||||||
- tcp dport @input_tcp_accept ct state new accept
|
- tcp dport @in_tcp_accept ct state new accept
|
||||||
nft_input_group_rules: {}
|
nft_input_group_rules: {}
|
||||||
nft_input_host_rules: {}
|
nft_input_host_rules: {}
|
||||||
|
|
||||||
|
@ -101,9 +101,9 @@ nft_output_default_rules:
|
||||||
050 icmp:
|
050 icmp:
|
||||||
- ip protocol icmp accept
|
- ip protocol icmp accept
|
||||||
200 output udp accepted:
|
200 output udp accepted:
|
||||||
- udp dport @output_udp_accept ct state new accept
|
- udp dport @out_udp_accept ct state new accept
|
||||||
210 output tcp accepted:
|
210 output tcp accepted:
|
||||||
- tcp dport @output_tcp_accept ct state new accept
|
- tcp dport @out_tcp_accept ct state new accept
|
||||||
nft_output_group_rules: {}
|
nft_output_group_rules: {}
|
||||||
nft_output_host_rules: {}
|
nft_output_host_rules: {}
|
||||||
|
|
||||||
|
@ -114,16 +114,16 @@ nft_define_default:
|
||||||
name: badcast_addr
|
name: badcast_addr
|
||||||
value: '{ 255.255.255.255, 224.0.0.1, 224.0.0.251 }'
|
value: '{ 255.255.255.255, 224.0.0.1, 224.0.0.251 }'
|
||||||
input tcp accepted:
|
input tcp accepted:
|
||||||
name: input_tcp_accept
|
name: in_tcp_accept
|
||||||
value: '{ ssh }'
|
value: '{ ssh }'
|
||||||
input udp accepted:
|
input udp accepted:
|
||||||
name: input_udp_accept
|
name: in_udp_accept
|
||||||
value: 'none'
|
value: 'none'
|
||||||
output tcp accepted:
|
output tcp accepted:
|
||||||
name: output_tcp_accept
|
name: out_tcp_accept
|
||||||
value: '{ http, https, hkp }'
|
value: '{ http, https, hkp }'
|
||||||
output udp accepted:
|
output udp accepted:
|
||||||
name: output_udp_accept
|
name: out_udp_accept
|
||||||
value: '{ bootps, domain, ntp }'
|
value: '{ bootps, domain, ntp }'
|
||||||
nft_define_group: {}
|
nft_define_group: {}
|
||||||
nft_define_host: {}
|
nft_define_host: {}
|
||||||
|
@ -133,17 +133,17 @@ nft_set_default:
|
||||||
blackhole:
|
blackhole:
|
||||||
- type ipv4_addr;
|
- type ipv4_addr;
|
||||||
- elements = $badcast_addr
|
- elements = $badcast_addr
|
||||||
input_tcp_accept:
|
in_tcp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
- elements = $input_tcp_accept
|
- elements = $in_tcp_accept
|
||||||
input_udp_accept:
|
in_udp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
output_tcp_accept:
|
out_tcp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
- elements = $output_tcp_accept
|
- elements = $out_tcp_accept
|
||||||
output_udp_accept:
|
out_udp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
- elements = $output_udp_accept
|
- elements = $out_udp_accept
|
||||||
nft_set_group: {}
|
nft_set_group: {}
|
||||||
nft_set_host: {}
|
nft_set_host: {}
|
||||||
```
|
```
|
||||||
|
@ -179,13 +179,13 @@ table inet firewall {
|
||||||
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
|
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
|
||||||
}
|
}
|
||||||
|
|
||||||
set output_tcp_accept {
|
set out_tcp_accept {
|
||||||
type inet_service
|
type inet_service
|
||||||
flags interval
|
flags interval
|
||||||
elements = { http, https, hkp}
|
elements = { http, https, hkp}
|
||||||
}
|
}
|
||||||
|
|
||||||
set output_udp_accept {
|
set out_udp_accept {
|
||||||
type inet_service
|
type inet_service
|
||||||
flags interval
|
flags interval
|
||||||
elements = { domain, bootps, ntp}
|
elements = { domain, bootps, ntp}
|
||||||
|
@ -201,8 +201,8 @@ table inet firewall {
|
||||||
jump global
|
jump global
|
||||||
ip daddr @blackhole counter packets 0 bytes 0 drop
|
ip daddr @blackhole counter packets 0 bytes 0 drop
|
||||||
iif "lo" accept
|
iif "lo" accept
|
||||||
udp dport @input_udp_accept ct state new accept
|
udp dport @in_udp_accept ct state new accept
|
||||||
tcp dport @input_tcp_accept ct state new accept
|
tcp dport @in_tcp_accept ct state new accept
|
||||||
}
|
}
|
||||||
|
|
||||||
chain output {
|
chain output {
|
||||||
|
@ -210,8 +210,8 @@ table inet firewall {
|
||||||
jump global
|
jump global
|
||||||
oif "lo" accept
|
oif "lo" accept
|
||||||
ip protocol icmp accept
|
ip protocol icmp accept
|
||||||
udp dport @output_udp_accept ct state new accept
|
udp dport @out_udp_accept ct state new accept
|
||||||
tcp dport @output_tcp_accept ct state new accept
|
tcp dport @out_tcp_accept ct state new accept
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
|
@ -39,9 +39,9 @@ nft_input_default_rules:
|
||||||
015 localhost:
|
015 localhost:
|
||||||
- iif lo accept
|
- iif lo accept
|
||||||
200 input udp accepted:
|
200 input udp accepted:
|
||||||
- udp dport @input_udp_accept ct state new accept
|
- udp dport @in_udp_accept ct state new accept
|
||||||
210 input tcp accepted:
|
210 input tcp accepted:
|
||||||
- tcp dport @input_tcp_accept ct state new accept
|
- tcp dport @in_tcp_accept ct state new accept
|
||||||
nft_input_group_rules: {}
|
nft_input_group_rules: {}
|
||||||
nft_input_host_rules: {}
|
nft_input_host_rules: {}
|
||||||
|
|
||||||
|
@ -56,9 +56,9 @@ nft_output_default_rules:
|
||||||
- ip protocol icmp accept
|
- ip protocol icmp accept
|
||||||
- ip6 nexthdr icmpv6 counter accept
|
- ip6 nexthdr icmpv6 counter accept
|
||||||
200 output udp accepted:
|
200 output udp accepted:
|
||||||
- udp dport @output_udp_accept ct state new accept
|
- udp dport @out_udp_accept ct state new accept
|
||||||
210 output tcp accepted:
|
210 output tcp accepted:
|
||||||
- tcp dport @output_tcp_accept ct state new accept
|
- tcp dport @out_tcp_accept ct state new accept
|
||||||
nft_output_group_rules: {}
|
nft_output_group_rules: {}
|
||||||
nft_output_host_rules: {}
|
nft_output_host_rules: {}
|
||||||
|
|
||||||
|
@ -69,16 +69,16 @@ nft_define_default:
|
||||||
name: badcast_addr
|
name: badcast_addr
|
||||||
value: '{ 255.255.255.255, 224.0.0.1, 224.0.0.251 }'
|
value: '{ 255.255.255.255, 224.0.0.1, 224.0.0.251 }'
|
||||||
input tcp accepted:
|
input tcp accepted:
|
||||||
name: input_tcp_accept
|
name: in_tcp_accept
|
||||||
value: '{ ssh }'
|
value: '{ ssh }'
|
||||||
input udp accepted:
|
input udp accepted:
|
||||||
name: input_udp_accept
|
name: in_udp_accept
|
||||||
value: 'none'
|
value: 'none'
|
||||||
output tcp accepted:
|
output tcp accepted:
|
||||||
name: output_tcp_accept
|
name: out_tcp_accept
|
||||||
value: '{ http, https, hkp }'
|
value: '{ http, https, hkp }'
|
||||||
output udp accepted:
|
output udp accepted:
|
||||||
name: output_udp_accept
|
name: out_udp_accept
|
||||||
value: '{ bootps, domain, ntp }'
|
value: '{ bootps, domain, ntp }'
|
||||||
nft_define_group: {}
|
nft_define_group: {}
|
||||||
nft_define_host: {}
|
nft_define_host: {}
|
||||||
|
@ -88,17 +88,17 @@ nft_set_default:
|
||||||
blackhole:
|
blackhole:
|
||||||
- type ipv4_addr;
|
- type ipv4_addr;
|
||||||
- elements = $badcast_addr
|
- elements = $badcast_addr
|
||||||
input_tcp_accept:
|
in_tcp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
- elements = $input_tcp_accept
|
- elements = $in_tcp_accept
|
||||||
input_udp_accept:
|
in_udp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
output_tcp_accept:
|
out_tcp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
- elements = $output_tcp_accept
|
- elements = $out_tcp_accept
|
||||||
output_udp_accept:
|
out_udp_accept:
|
||||||
- type inet_service; flags interval;
|
- type inet_service; flags interval;
|
||||||
- elements = $output_udp_accept
|
- elements = $out_udp_accept
|
||||||
nft_set_group: {}
|
nft_set_group: {}
|
||||||
nft_set_host: {}
|
nft_set_host: {}
|
||||||
|
|
||||||
|
|
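Review bot: The renamed keys under `nft_set_default` and the renamed `name:` values under `nft_define_default` (hunks `@ -69,16` and `@ -88,17`, with the matching rule changes in `@ -39,9` and `@ -56,9`) are names an inventory would override through `nft_set_group`/`nft_set_host` and `nft_define_group`/`nft_define_host`, and nothing in this section handles an override still written against `input_tcp_accept` or `output_udp_accept`. If the role merges these dictionaries by key, as the default/group/host layout suggests, a stale override would either re-create a set under the old over-long name or leave `@in_tcp_accept` without the ports the operator intended; going by the commit title, the first case would stop the ruleset from loading. The rename deserves a line in the v1.2.2 notes marking it as breaking, and a comment above `nft_set_default` such as `# Set names must not exceed 15 characters (nft limit); group/host overrides must use the same keys.` A length check on every key of the merged set dictionary before the ruleset is rendered would turn a failed firewall reload into a clear error. The file name for this section is not shown on the page, so the path and the merge behaviour are inferred.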