Merge pull request #711 from pitkley/705-nftables.conf-better-defaults

Suggest better defaults for `/etc/nftables.conf`
pitkley · Jan 7, 2024 · a97b3ad · a97b3ad
2 parents e35f79c + c2ad46f
commit a97b3ad
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/docs/GETTING-STARTED-nftables.md b/docs/GETTING-STARTED-nftables.md
@@ -74,6 +74,12 @@
     table inet filter {
         chain input {
             type filter hook input priority 0; policy drop;
+  
+            # Ensure local traffic is accepted still
+            iif lo accept
+            # Allow established connections (e.g. responses to outgoing traffic)
+            ct state { established, related } accept
+            # Allow incoming SSH connections
             tcp dport 22 accept
         }
         chain forward {