3 # Provides: nftables.sh
4 # Required-Start: $remote_fs $network
5 # Required-Stop: $remote_fs
6 # Default-Start: 2 3 4 5
8 # Short-Description: nftables firewall
# Shared helpers sourced into this script. Nothing it defines is referenced in
# the lines visible here, so its contents cannot be described from this excerpt.
. /etc/network/functions.phd
# NOTE(review): the case label for this arm is outside the excerpt; arm order
# and the usage text further down suggest this is the "start" path.
# fail2ban is stopped before the tables are (re)built and started again only
# once the base chains exist — presumably because it installs its own rules
# into these chains; confirm against the fail2ban action config.
/etc/init.d/fail2ban stop
nft add table ip filter
# NOTE(review): every command in this script uses the "ip" (IPv4) family only;
# IPv6 traffic is not filtered by these chains. Confirm an ip6/inet table is
# configured elsewhere or that IPv6 is disabled on the host.
# NOTE(review): "nft add table ip nat" is not visible in this excerpt (lines are
# omitted before the next command) — the two nat chains below require it.
nft add chain ip nat prerouting \{ type nat hook prerouting priority dstnat\; policy accept\; \}
nft add chain ip nat postrouting \{ type nat hook postrouting priority srcnat\; policy accept\; \}
# Base filter chains: input and forward default to drop, output to accept.
# NOTE(review): a drop policy applies the moment the chain is created. The
# accept rules for loopback and established/related traffic are not in this
# excerpt — confirm they follow immediately, and note that no exit-status
# check (and no "set -e") is visible, so a failing nft command here could
# leave the host locked out with fail2ban also stopped.
nft add chain ip filter input \{ type filter hook input priority filter\; policy drop\; \}
nft add chain ip filter output \{ type filter hook output priority filter\; policy accept\; \}
nft add chain ip filter forward \{ type filter hook forward priority filter\; policy drop\; \}
# Bring fail2ban back only after the chains it hooks into are in place.
/etc/init.d/fail2ban start
# NOTE(review): case label not in the excerpt; this looks like the "stop" arm.
# "Stop" here is a lockdown, not a teardown: all three base chains are switched
# to policy drop, so IPv4 traffic into, out of and through the host is blocked,
# and fail2ban is left stopped. Invoking this over a remote session will cut it.
/etc/init.d/fail2ban stop
# NOTE(review): re-adding an existing base chain is used to change its policy
# in place. This relies on "nft add chain" (as opposed to "create") tolerating
# an existing chain, and on table "ip filter" already existing — neither is
# checked here. Confirm the behaviour on the installed nft version.
nft add chain ip filter input \{ type filter hook input priority filter\; policy drop\; \}
nft add chain ip filter output \{ type filter hook output priority filter\; policy drop\; \}
nft add chain ip filter forward \{ type filter hook forward priority filter\; policy drop\; \}
# NOTE(review): case label not in the excerpt; this looks like the "clear" arm.
# Opens the firewall: fail2ban is stopped (and NOT restarted) and every base
# chain is set to policy accept, so the host ends up with no IPv4 filtering
# from this script. Treat as a maintenance/debug mode, not a normal state.
/etc/init.d/fail2ban stop
# Flush (delete) all rules
# NOTE(review): the flush command itself is not in this excerpt (a line is
# omitted after this comment); the three commands below only change policies.
nft add chain ip filter input \{ type filter hook input priority filter\; policy accept\; \}
nft add chain ip filter output \{ type filter hook output priority filter\; policy accept\; \}
nft add chain ip filter forward \{ type filter hook forward priority filter\; policy accept\; \}
# Presumably the default (*) arm: print usage for an unrecognised or missing
# argument. Written to stdout; stderr would be the conventional stream.
# NOTE(review): the LSB header says "Provides: nftables.sh" while this text
# names the script "firewall" — likely the installed name; confirm.
echo "Usage: firewall {start|stop|clear}"