Linux cpanel.rrshost.in 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 x86_64
Apache
: 109.123.238.221 | : 172.69.17.123
128 Domain
8.2.28
aev999
/usr/share/doc/nftables/examples/
Name
Size
Permission
Action
sysvinit
[ DIR ]
drwxr-xr-x
README
475
B
-rw-r--r--
all-in-one.nft
1016
B
-rw-r--r--
arp-filter.nft
129
B
-rw-r--r--
bridge-filter.nft
197
B
-rw-r--r--
ct_helpers.nft
1.23
KB
-rwxr-xr-x
inet-filter.nft
187
B
-rw-r--r--
inet-nat.nft
251
B
-rw-r--r--
ipv4-filter.nft
182
B
-rw-r--r--
ipv4-mangle.nft
74
B
-rw-r--r--
ipv4-nat.nft
246
B
-rw-r--r--
ipv4-raw.nft
137
B
-rw-r--r--
ipv6-filter.nft
186
B
-rw-r--r--
ipv6-mangle.nft
78
B
-rw-r--r--
ipv6-nat.nft
253
B
-rw-r--r--
ipv6-raw.nft
141
B
-rw-r--r--
load_balancing.nft
1.81
KB
-rwxr-xr-x
nat.nft
1.14
KB
-rwxr-xr-x
netdev-ingress.nft
128
B
-rw-r--r--
overview.nft
1.05
KB
-rwxr-xr-x
pf.os
28.21
KB
-rw-r--r--
secmark.nft
2.35
KB
-rwxr-xr-x
sets_and_maps.nft
1.25
KB
-rwxr-xr-x
workstation.nft
817
B
-rwxr-xr-x
Code Editor : secmark.nft
#!/usr/sbin/nft -f

# This example file shows how to use secmark labels with the nftables framework.
# This script is meant to be loaded with `nft -f <file>`
# You require linux kernel >= 4.20 and nft >= 0.9.3
# This example is SELinux based, for the secmark objects you require
# SELinux enabled and a SELinux policy defining the stated contexts
# For up-to-date information please visit https://wiki.nftables.org
#
# NOTE(review): this ruleset only attaches labels. Neither chain carries an
# accept/drop verdict or a policy statement, so it filters nothing by itself;
# enforcement presumably comes from the SELinux policy that consumes the
# labels. Confirm that policy exists before relying on this file.

# CAUTION: `flush ruleset` clears the entire loaded ruleset, not only
# table inet x. Loading this example on a host that already runs an nftables
# firewall discards that firewall's tables and chains.
flush ruleset

table inet x {
	# Named secmark objects: each one binds a short name to the SELinux
	# security context string that will be stamped on matching packets.
	secmark ssh_server {
		"system_u:object_r:ssh_server_packet_t:s0"
	}

	secmark dns_client {
		"system_u:object_r:dns_client_packet_t:s0"
	}

	secmark http_client {
		"system_u:object_r:http_client_packet_t:s0"
	}

	# NOTE(review): https_client carries the same context string as
	# http_client and is not referenced by either map below (port 443 is
	# mapped to "http_client"). Confirm whether that is intentional.
	secmark https_client {
		"system_u:object_r:http_client_packet_t:s0"
	}

	secmark ntp_client {
		"system_u:object_r:ntp_client_packet_t:s0"
	}

	secmark icmp_client {
		"system_u:object_r:icmp_client_packet_t:s0"
	}

	secmark icmp_server {
		"system_u:object_r:icmp_server_packet_t:s0"
	}

	secmark ssh_client {
		"system_u:object_r:ssh_client_packet_t:s0"
	}

	secmark git_client {
		"system_u:object_r:git_client_packet_t:s0"
	}

	# Destination port -> secmark object, consulted for new inbound connections.
	# Only port 22 is listed; presumably a port with no entry leaves the
	# packet unlabelled (the lookup rule does not match) - verify.
	map secmapping_in {
		type inet_service : secmark
		elements = { 22 : "ssh_server" }
	}

	# Destination port -> secmark object, consulted for new outbound connections.
	map secmapping_out {
		type inet_service : secmark
		elements = { 22 : "ssh_client", 53 : "dns_client", 80 : "http_client", 123 : "ntp_client", 443 : "http_client", 9418 : "git_client" }
	}

	# Input-side labelling. Priority -225 is the value netfilter names
	# NF_IP_PRI_SELINUX_FIRST. Rule order matters: the packet label must be
	# set before it is copied into the conntrack entry.
	chain y {
		type filter hook input priority -225;

		# label new incoming packets and add to connection
		ct state new meta secmark set tcp dport map @secmapping_in
		ct state new meta secmark set udp dport map @secmapping_in
		ct state new ip protocol icmp meta secmark set "icmp_server"
		# NOTE(review): `ip6 nexthdr` tests the Next Header field of the
		# fixed IPv6 header, so ICMPv6 that follows extension headers would
		# presumably not match here - confirm whether `meta l4proto` is wanted.
		ct state new ip6 nexthdr icmpv6 meta secmark set "icmp_server"
		# persist the packet's label on the connection tracking entry
		ct state new ct secmark set meta secmark

		# set label for est/rel packets from connection
		ct state established,related meta secmark set ct secmark
	}

	# Output-side labelling, mirror of chain y. Priority 225 is the value
	# netfilter names NF_IP_PRI_SELINUX_LAST.
	chain z {
		type filter hook output priority 225;

		# label new outgoing packets and add to connection
		ct state new meta secmark set tcp dport map @secmapping_out
		ct state new meta secmark set udp dport map @secmapping_out
		ct state new ip protocol icmp meta secmark set "icmp_client"
		# NOTE(review): same `ip6 nexthdr` caveat as in chain y - ICMPv6 behind
		# extension headers would presumably go unlabelled; confirm.
		ct state new ip6 nexthdr icmpv6 meta secmark set "icmp_client"
		# persist the packet's label on the connection tracking entry
		ct state new ct secmark set meta secmark

		# set label for est/rel packets from connection
		ct state established,related meta secmark set ct secmark
	}
}