3 # Provides: nftables.sh
4 # Required-Start: $remote_fs $network
5 # Required-Stop: $remote_fs
6 # Default-Start: 2 3 4 5
8 # Short-Description: nftables firewall
13 . /etc/network/functions.phd
17 systemctl stop fail2ban.service
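# Create the filter/nat tables and their base chains for the "start" path.
#
# The chain specification is passed to nft as ONE quoted argument. Left
# unquoted, the ';' inside the braces ends the shell command early (nft then
# sees an unterminated '{ ... ' and rejects it) and the trailing '}' is a bash
# syntax error, so none of the chains below -- including the input/forward
# chains with the 'drop' policy -- would ever be installed.
#
# Hook names are the nftables keywords 'prerouting'/'postrouting'; the
# misspellings 'preroutung'/'postroutung' are rejected by nft, which would
# leave the nat chains (and everything rc.masq adds to them) missing.
#
# 'nft create' (unlike 'nft add') fails when the object already exists, and
# nothing here checks the exit status; whether an earlier, not-visible part of
# this script flushes the ruleset or enables 'set -e' cannot be seen from this
# listing -- confirm before relying on a second "start" being harmless.
nft create table ip filter
nft create table ip nat
# Priority 0 is acceptable here because no other chain shares these hooks;
# the conventional nat priorities are dstnat (-100) and srcnat (100).
nft create chain ip nat prerouting  '{ type nat hook prerouting priority 0; policy accept; }'
nft create chain ip nat postrouting '{ type nat hook postrouting priority 0; policy accept; }'
# Default-deny on input and forward; output is left open.
nft create chain ip filter input   '{ type filter hook input priority 0; policy drop; }'
nft create chain ip filter output  '{ type filter hook output priority 0; policy accept; }'
nft create chain ip filter forward '{ type filter hook forward priority 0; policy drop; }'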
32 /etc/rc.d/init.d/rc.masq
33 systemctl start fail2ban.service
37 systemctl stop fail2ban.service
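# "stop" path: recreate the base chains with a 'drop' policy on every hook,
# i.e. stopping the firewall fails closed rather than open.
#
# The chain specification must be a single quoted argument: unquoted, the ';'
# inside the braces terminates the shell command and the trailing '}' is a
# bash syntax error, so these drop-everything chains would never be created.
# 'nft create' fails if the chain already exists; whether the not-visible lines
# before this run delete the previous chains cannot be seen from this listing.
nft create chain ip filter input   '{ type filter hook input priority 0; policy drop; }'
nft create chain ip filter output  '{ type filter hook output priority 0; policy drop; }'
nft create chain ip filter forward '{ type filter hook forward priority 0; policy drop; }'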
46 systemctl stop fail2ban.service
48 # Flush (delete) all rules
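# "clear" path: recreate the base chains with an 'accept' policy on every
# hook. After this the host has no packet filtering at all; that is the
# documented intent of "clear", but it is the opposite of "stop" above.
#
# The chain specification must be a single quoted argument: unquoted, the ';'
# inside the braces terminates the shell command and the trailing '}' is a
# bash syntax error, so the chains would not be (re)created at all.
nft create chain ip filter input   '{ type filter hook input priority 0; policy accept; }'
nft create chain ip filter output  '{ type filter hook output priority 0; policy accept; }'
nft create chain ip filter forward '{ type filter hook forward priority 0; policy accept; }'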
56 echo "Usage: firewall {start|stop|clear}"