Add instructions to configure nftables firewall
heitorPB opened this issue · 2 comments
heitorPB commented
The current documentation about prerequisites - firewalls describes how to use IPTables, FirewallD, and ufw. nftables is the "modern" version of IPTables and is not in the guide.
It would be nice to have official instructions for setting nftables up.
yubiuser commented
Thanks for the suggestion. Do you feel capable of writing the instructions and submitting a PR?
alfalfascout commented
The commands I used for nftables are as follows.

NFTables (IPv4)

```sh
# Pi-hole web interface (port 80) from the local network
nft insert rule ip filter INPUT ip saddr 192.168.0.0/16 tcp dport 80 counter accept
# DNS (port 53, TCP and UDP) from loopback and from the local network
nft insert rule ip filter INPUT ip saddr 127.0.0.0/8 tcp dport 53 counter accept
nft insert rule ip filter INPUT ip saddr 127.0.0.0/8 udp dport 53 counter accept
nft insert rule ip filter INPUT ip saddr 192.168.0.0/16 tcp dport 53 counter accept
nft insert rule ip filter INPUT ip saddr 192.168.0.0/16 udp dport 53 counter accept
# DHCPv4 (only needed if Pi-hole is the DHCP server)
nft insert rule ip filter INPUT udp sport 67-68 udp dport 67-68 counter accept
# FTL API (port 4711) on loopback only
nft insert rule ip filter INPUT iifname "lo" tcp dport 4711 counter accept
# Replies to connections this host initiated
nft insert rule ip filter INPUT ct state related,established counter accept
```

If the above commands don't work ("No such file or directory"), run these, then try again:

```sh
# Create the table and the base chain hooked into the input path
nft add table ip filter
nft add chain ip filter INPUT { type filter hook input priority 0 \; }
```
NFTables (IPv6)

```sh
# DHCPv6 (only needed if Pi-hole is the DHCP server)
nft insert rule ip6 filter INPUT udp sport 546-547 udp dport 546-547 counter accept
# Replies to connections this host initiated
nft insert rule ip6 filter INPUT ct state related,established counter accept
```

If the above commands don't work ("No such file or directory"), run these, then try again:

```sh
# Create the IPv6 table and the base chain hooked into the input path
nft add table ip6 filter
nft add chain ip6 filter INPUT { type filter hook input priority 0 \; }
```
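The same rules in the declarative form that survives a reboot (`nft -f`), as an added example that is not part of the comment above or of Pi-hole's documentation. It generalises the IPv4/IPv6 pair into a single `inet` table (named `pihole` here, an assumption) so each service is allowed once for both address families, and it adds what a default-drop input chain needs to keep working: loopback, ICMP/ICMPv6 and established connections. The IPv6 LAN prefix `fd00::/8` is a constructed placeholder to replace with the real prefix; management access such as SSH is deliberately not included and must be added before applying a drop policy on a remote host.

```shell
#!/bin/sh
# Generate, check and apply a Pi-hole nftables ruleset.
# Added example; the table name "pihole", the inet family and the
# default-drop policy are assumptions, not Pi-hole's own configuration.

LAN_V4="${LAN_V4:-192.168.0.0/16}"   # IPv4 LAN prefix used in the issue's rules
LAN_V6="${LAN_V6:-fd00::/8}"         # constructed placeholder: set to your IPv6 LAN prefix

# Emit the complete ruleset. Declaring the table, flushing it and then
# redeclaring it makes the file idempotent without touching other tables.
pihole_nft_ruleset() {
  cat <<EOF
add table inet pihole
flush table inet pihole
table inet pihole {
  chain input {
    type filter hook input priority 0; policy drop;

    # Loopback carries DNS from Pi-hole itself and the FTL API on 4711
    iifname "lo" counter accept

    # Conntrack: drop malformed state, allow replies to our own connections
    ct state invalid counter drop
    ct state established,related counter accept

    # ICMP is required for path MTU, and ICMPv6 for neighbour discovery
    meta l4proto { icmp, ipv6-icmp } counter accept

    # DNS (TCP/UDP 53) and the web interface (TCP 80) from the LAN only
    ip saddr ${LAN_V4} tcp dport { 53, 80 } counter accept
    ip saddr ${LAN_V4} udp dport 53 counter accept
    ip6 saddr ${LAN_V6} tcp dport { 53, 80 } counter accept
    ip6 saddr ${LAN_V6} udp dport 53 counter accept

    # DHCPv4 and DHCPv6, only needed when Pi-hole is the DHCP server
    udp sport 67-68 udp dport 67-68 counter accept
    udp sport 546-547 udp dport 546-547 counter accept
  }
}
EOF
}

# Parse the ruleset without loading it (requires the nft binary).
nft_check() {
  pihole_nft_ruleset | nft -c -f -
}

# Load the ruleset into the kernel (requires root and the nft binary).
nft_apply() {
  pihole_nft_ruleset | nft -f -
}

# Usage: ./pihole-nft.sh [show|check|apply]; "show" is the default.
case "${1:-show}" in
  check) nft_check ;;
  apply) nft_apply ;;
  *)     pihole_nft_ruleset ;;
esac
```

Run `./pihole-nft.sh check` first; a syntax error is reported without changing the live ruleset. To persist the result, save `./pihole-nft.sh show` to the file your distribution's nftables service loads at boot (commonly `/etc/nftables.conf`, which is a distribution default rather than something the issue specifies).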