Gecko [ v99win.today ]

Name	Size	Permission
sysvinit	[ DIR ]	drwxr-xr-x
README	475 B	-rw-r--r--
all-in-one.nft	1016 B	-rw-r--r--
arp-filter.nft	129 B	-rw-r--r--
bridge-filter.nft	197 B	-rw-r--r--
ct_helpers.nft	1.23 KB	-rwxr-xr-x
inet-filter.nft	187 B	-rw-r--r--
inet-nat.nft	251 B	-rw-r--r--
ipv4-filter.nft	182 B	-rw-r--r--
ipv4-mangle.nft	74 B	-rw-r--r--
ipv4-nat.nft	246 B	-rw-r--r--
ipv4-raw.nft	137 B	-rw-r--r--
ipv6-filter.nft	186 B	-rw-r--r--
ipv6-mangle.nft	78 B	-rw-r--r--
ipv6-nat.nft	253 B	-rw-r--r--
ipv6-raw.nft	141 B	-rw-r--r--
load_balancing.nft	1.81 KB	-rwxr-xr-x
nat.nft	1.14 KB	-rwxr-xr-x
netdev-ingress.nft	128 B	-rw-r--r--
overview.nft	1.05 KB	-rwxr-xr-x
pf.os	28.21 KB	-rw-r--r--
secmark.nft	2.35 KB	-rwxr-xr-x
sets_and_maps.nft	1.25 KB	-rwxr-xr-x
workstation.nft	817 B	-rwxr-xr-x

Name

Size

Permission

Action

sysvinit

[ DIR ]

drwxr-xr-x

README

475 B

-rw-r--r--

all-in-one.nft

1016 B

-rw-r--r--

arp-filter.nft

129 B

-rw-r--r--

bridge-filter.nft

197 B

-rw-r--r--

ct_helpers.nft

1.23 KB

-rwxr-xr-x

inet-filter.nft

187 B

-rw-r--r--

inet-nat.nft

251 B

-rw-r--r--

ipv4-filter.nft

182 B

-rw-r--r--

ipv4-mangle.nft

74 B

-rw-r--r--

ipv4-nat.nft

246 B

-rw-r--r--

ipv4-raw.nft

137 B

-rw-r--r--

ipv6-filter.nft

186 B

-rw-r--r--

ipv6-mangle.nft

78 B

-rw-r--r--

ipv6-nat.nft

253 B

-rw-r--r--

ipv6-raw.nft

141 B

-rw-r--r--

load_balancing.nft

1.81 KB

-rwxr-xr-x

nat.nft

1.14 KB

-rwxr-xr-x

netdev-ingress.nft

128 B

-rw-r--r--

overview.nft

1.05 KB

-rwxr-xr-x

pf.os

28.21 KB

-rw-r--r--

secmark.nft

2.35 KB

-rwxr-xr-x

sets_and_maps.nft

1.25 KB

-rwxr-xr-x

workstation.nft

817 B

-rwxr-xr-x

Code Editor : ct_helpers.nft

#!/usr/sbin/nft -f

# This example file shows how to use ct helpers in the nftables framework.
# Note that nftables includes interesting improvements compared to how this
# was done with iptables, such as loading multiple helpers with a single rule
# This script is meant to be loaded with `nft -f <file>`
# You require linux kernel >= 4.12 and nft >= 0.8
# For up-to-date information please visit https://wiki.nftables.org

# Using ct helpers is an important security feature when doing stateful
# firewalling, since it mitigate certain networking attacks.
# More info at: https://home.regit.org/netfilter-en/secure-use-of-helpers/

flush ruleset
table inet filter {
	# declare helpers of this table
	ct helper ftp-standard {
		type "ftp" protocol tcp;
		l3proto inet
	}
	ct helper sip-5060 {
		type "sip" protocol udp;
		l3proto inet
	}
	ct helper tftp-69 {
		type "tftp" protocol udp
		l3proto inet
	}

chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related accept

# assign a single helper in a single rule
		tcp dport 21 ct helper set "ftp-standard"

# assign multiple helpers in a single rule
		ct helper set udp dport map {
	                        69 : "tftp-69", \
		                5060 : "sip-5060" }
	}
}

${this.title}

Code Editor : ct_helpers.nft