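--- a/nftables.conf
+++ b/nftables.conf.2
@@ -1,5 +1,6 @@
 #!/usr/sbin/nft -f
 flush ruleset
+include "/etc/nftables.d/blocklist.nft"
 
 # SET TO WIREGUARD INTERFACE IP
 define SNAT = 192.168.1.1
@@ -22,6 +23,11 @@
 
 
 table inet filter {
+ set blocklist {
+ type ipv4_addr
+ flags interval
+ elements = { $blocklist }
+ }
 
 chain forward {
 type filter hook forward priority filter; policy drop;
@@ -34,6 +40,8 @@
 meta iifname $WAN meta oifname $LAN accept
 udp dport 80 log prefix "Dropped (UDP/80): " drop
 udp dport 443 log prefix "Dropped (UDP/443): " drop
+meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
+meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
 ct state related,established accept
 log prefix "Packet discarded by policy: "
 }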
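Review bot: The new `ip saddr @blocklist` rule in the last hunk only matches packets entering on $LAN, so traffic arriving from a blocklisted address via $WAN is never checked by it — the `meta iifname $WAN meta oifname $LAN accept` line the hunk keeps above it accepts such packets first, and the `forward` chain these rules belong to opens in the previous hunk. Consider a direction-independent `ip saddr @blocklist log prefix "Dropped (BLOCKED src): " drop` placed above that accept, and distinct prefixes for the two rules so the log shows which direction matched rather than the same "Dropped (BLOCKED IP): " for both. The set is `type ipv4_addr` inside an `inet` table, so forwarded IPv6 traffic is not subject to the blocklist; if that is intended, a comment on the set saying so would save the next reader the question. Since `elements = { $blocklist }` depends on the included file defining `$blocklist`, a missing or, presumably, empty include makes the whole `nft -f` load fail rather than degrading to "no blocklist"; validating with `nft -c -f nftables.conf` before reloading would catch that before the firewall service is affected.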