Good morning everyone,

Does it make sense to use this kind of grammar in a bash script?

$NFT add table inet firewall
$NFT add table inet nat
$NFT add table netdev noddos

$NFT add chain inet firewall INPUT { type filter hook input priority 0 \; }
$NFT add chain inet firewall OUTPUT { type filter hook output priority 0 \; }
$NFT add chain inet firewall FORWARD { type filter hook forward priority 0 \; }
$NFT add chain inet firewall IPS { type filter hook forward priority 10 \; }
$NFT add chain inet firewall POSTROUTING { type filter hook postrouting priority 0 \; }
$NFT add chain inet firewall SYN-FLOOD { type filter hook input priority 0 \; }
$NFT -- add chain inet nat PREROUTING { type nat hook prerouting priority -100 \; }
$NFT add chain inet nat OUTPUT { type nat hook output priority 0 \; }
$NFT add chain inet nat POSTROUTING { type nat hook postrouting priority 100 \; }
$NFT -- add chain netdev noddos ingress { type filter hook ingress device $EXTIF priority -500 \; }

my rules
my rules
my rules
.
.
.

$NFT add chain inet firewall INPUT { type filter hook input priority 0 \; policy drop \; }
$NFT add chain inet firewall OUTPUT { type filter hook output priority 0 \; policy drop \; }
$NFT add chain inet firewall FORWARD { type filter hook forward priority 0 \; policy drop \; }
$NFT -- add chain inet nat PREROUTING { type nat hook prerouting priority -100 \; policy drop \; }
$NFT add chain inet nat OUTPUT { type nat hook output priority 0 \;policy drop \; }

The reasoning that I have done, and for which I ask confirmation, is: after having given permission to what I need, I deny everything as a policy.

Thanks in advance to those who want to answer me.
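
The allow-first, default-deny layout from the post, written as a single ruleset file for `nft -f`, which applies the whole file as one transaction, so the drop policy can be declared together with the chain and never becomes active without the accept rules. This is an added example, not part of the original post; the file name, the accept rules and the SSH port are constructed placeholders standing in for "my rules", and only the `inet firewall` filter chains are shown.

```nft
#!/usr/sbin/nft -f
# firewall.nft (constructed file name); load with: nft -f firewall.nft
# Check syntax without applying anything:  nft -c -f firewall.nft

# Replace only this table: make sure it exists, delete it, then
# define it again below. All of it happens in the same transaction.
add table inet firewall
delete table inet firewall

table inet firewall {
    chain INPUT {
        # Policy is declared with the hook; it takes effect together
        # with the rules that follow, not before them.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif lo accept

        # Constructed placeholder for "my rules":
        tcp dport 22 accept
    }

    chain OUTPUT {
        type filter hook output priority 0; policy drop;

        ct state established,related accept
        oif lo accept

        # Constructed placeholder: with policy drop, every new
        # outbound flow the host needs must be allowed explicitly.
        udp dport 53 accept
        tcp dport 53 accept
    }

    chain FORWARD {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        # "my rules" for forwarded traffic go here.
    }
}
```

If any line in the file fails to parse or apply, the running ruleset is left unchanged, so a typo in a rule cannot leave the chains in place with only the drop policy.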