modules/nftables.conf

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # 1. Autoriser le trafic interne (loopback)
        iif "lo" accept

        # 2. Autoriser les connexions déjà établies (réponses au trafic sortant)
        ct state established,related accept

        # 3. Autoriser le SSH (Port 22)
        tcp dport 22 accept

        # 4. Autoriser le Ping 
        icmp type echo-request accept
        icmpv6 type echo-request accept

       
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
1.0 2026-04-04 18:25:21 +02:00			`table inet filter {`
			`chain input {`
			`type filter hook input priority 0; policy drop;`

			`# 1. Autoriser le trafic interne (loopback)`
			`iif "lo" accept`

			`# 2. Autoriser les connexions déjà établies (réponses au trafic sortant)`
			`ct state established,related accept`

maj 2026-04-04 21:06:14 +02:00			`# 3. Autoriser le SSH (Port 22)`
1.0 2026-04-04 18:25:21 +02:00			`tcp dport 22 accept`

maj 2026-04-04 21:06:14 +02:00			`# 4. Autoriser le Ping`
1.0 2026-04-04 18:25:21 +02:00			`icmp type echo-request accept`
			`icmpv6 type echo-request accept`

maj 2026-04-04 21:06:14 +02:00
1.0 2026-04-04 18:25:21 +02:00			`}`

			`chain forward {`
			`type filter hook forward priority 0; policy drop;`
			`}`

			`chain output {`
			`type filter hook output priority 0; policy accept;`
			`}`
			`}`