Jeltz
64772b76e4
This is a fully static version of the config, and it is meant to be temporary (until I figure out a way to properly configure nftables using ansible…).
{{ ansible_managed | comment }}

# Source-address blocklist for IPv4 and IPv6, kept in a table of its own.
# The "inet" family lets the single chain below see both protocols.
# NOTE(review): this file only adds objects. If it is loaded again with
# `nft -f` into a ruleset that still holds this table, the two drop rules
# are appended a second time - confirm how the including config resets state.
table inet blacklist {
    # Both sets are declared without elements. "flags interval" lets them
    # hold ranges and CIDR prefixes as well as single addresses.
    # NOTE(review): presumably filled at runtime by another tool - confirm,
    # and confirm that whatever reloads the ruleset does not empty them.
    set blacklist_ipv4 {
        type ipv4_addr
        flags interval
    }

    set blacklist_ipv6 {
        type ipv6_addr
        flags interval
    }

    # Named counter referenced by both rules, so it holds one combined
    # packet/byte total for IPv4 and IPv6 drops. It can be read with
    # `nft list counter inet blacklist blacklist`.
    counter blacklist {}

    # Hooked at prerouting with priority "raw - 10", i.e. ahead of chains at
    # the raw priority and ahead of connection tracking, so a listed source
    # is dropped before any conntrack entry is created for it.
    # "policy accept" only means unmatched packets continue to later chains;
    # it does not override a drop decided elsewhere in the ruleset.
    # Only the source address of incoming packets is matched: traffic this
    # host originates towards a listed address does not pass prerouting and
    # is not blocked here.
    chain filter {
        type filter hook prerouting priority raw - 10; policy accept;

        ip6 saddr @blacklist_ipv6 counter name blacklist drop
        ip saddr @blacklist_ipv4 counter name blacklist drop
    }
}