1 Testing an ipset declaration.
5 include("./root/usr/share/firewall4/main.uc", {
6 getenv: function(varname) {
16 -- File uci/helpers.json --
20 -- File fs/open~set-entries_txt.txt --
25 -- File uci/firewall.json --
30 "comment": "A simple set",
33 "match": [ "src_ip", "dest_port" ],
40 "loadfile": "set-entries.txt"
56 comment "A simple set"
57 type ipv4_addr . inet_service
79 include "/etc/nftables.d/*.nft"
87 type filter hook input priority filter; policy drop;
89 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
91 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
95 type filter hook forward priority filter; policy drop;
97 ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
101 type filter hook output priority filter; policy drop;
103 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
105 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
109 type filter hook prerouting priority filter; policy accept;
112 chain handle_reject {
113 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
114 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
123 type nat hook prerouting priority dstnat; policy accept;
127 type nat hook postrouting priority srcnat; policy accept;
132 # Raw rules (notrack)
135 chain raw_prerouting {
136 type filter hook prerouting priority raw; policy accept;
140 type filter hook output priority raw; policy accept;
148 chain mangle_prerouting {
149 type filter hook prerouting priority mangle; policy accept;
152 chain mangle_postrouting {
153 type filter hook postrouting priority mangle; policy accept;
157 type filter hook input priority mangle; policy accept;
160 chain mangle_output {
161 type route hook output priority mangle; policy accept;
164 chain mangle_forward {
165 type filter hook forward priority mangle; policy accept;