root/etc/nftables.d/10-custom-filter-chains.nft

   1 ## The firewall4 input, forward and output chains are registered with
   2 ## priority `filter` (0).
   3
   4
   5 ## Uncomment the chains below if you want to stage rules *before* the
   6 ## default firewall input, forward and output chains.
   7
   8 # chain user_pre_input {
   9 #     type filter hook input priority -1; policy accept;
  10 #     tcp dport ssh ct state new log prefix "SSH connection attempt: "
  11 # }
  12 #
  13 # chain user_pre_forward {
  14 #     type filter hook forward priority -1; policy accept;
  15 # }
  16 #
  17 # chain user_pre_output {
  18 #     type filter hook output priority -1; policy accept;
  19 # }
  20
  21
  22 ## Uncomment the chains below if you want to stage rules *after* the
  23 ## default firewall input, forward and output chains.
  24
  25 # chain user_post_input {
  26 #     type filter hook input priority 1; policy accept;
  27 #     ct state new log prefix "Firewall4 accepted ingress: "
  28 # }
  29 #
  30 # chain user_post_forward {
  31 #     type filter hook forward priority 1; policy accept;
  32 #     ct state new log prefix "Firewall4 accepted forward: "
  33 # }
  34 #
  35 # chain user_post_output {
  36 #     type filter hook output priority 1; policy accept;
  37 #     ct state new log prefix "Firewall4 accepted egress: "
  38 # }
  39