rc/network
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

firewall: expand convenience nftables port sets

Browse source 
Should probably just allow everything for AD at this point.
This commit is contained in:
Timotej Lazar 2024-09-21 20:19:24 +02:00
parent 5a9f0ac26a
commit f8e8acb521
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
roles/firewall/templates/nftables.nft.j2
View file

@ -18,8 +18,10 @@ table inet filter {
type inet_proto . inet_service type inet_proto . inet_service
flags interval flags interval
elements = { elements = {
tcp . 53,
tcp . 88, tcp . 88,
tcp . 135, tcp . 135,
tcp . 139,
tcp . 389, tcp . 389,
tcp . 445, tcp . 445,
tcp . 464, tcp . 464,
@ -29,14 +31,31 @@ table inet filter {
tcp . 9389, tcp . 9389,
tcp . 22222-22224, tcp . 22222-22224,
tcp . 49152-65535, tcp . 49152-65535,
udp . 53,
udp . 88, udp . 88,
udp . 135, udp . 135,
udp . 137, # netbios, maybe can do without
udp . 138, # netbios, maybe can do without
udp . 389, udp . 389,
udp . 464, udp . 464,
udp . 3269 udp . 3269
} }
} }
set ldap-ports {
type inet_proto . inet_service
flags interval
elements = {
tcp . 88,
tcp . 389,
tcp . 636,
tcp . 3268,
tcp . 3269,
udp . 88,
udp . 389
}
}
chain input { chain input {
type filter hook input priority 0; policy drop type filter hook input priority 0; policy drop