dorphine.nftables
1 flush ruleset 2 3 table inet filter { 4 chain input { 5 type filter hook input priority 0; policy drop; 6 ct state invalid drop 7 ct state { established, related } accept 8 iif lo accept 9 iif != lo ip daddr 127.0.0.1/8 drop 10 iif != lo ip6 daddr ::1/128 drop 11 ip protocol icmp accept 12 ip6 nexthdr icmpv6 accept 13 udp dport mdns accept 14 tcp dport https accept 15 udp dport https accept 16 tcp dport 5558 accept 17 tcp dport 49637 accept 18 tcp dport 25565 accept 19 udp dport 21027 accept 20 meta l4proto { tcp, udp } th dport 22000 accept 21 tcp dport 41641 accept 22 udp dport { 4950, 4955 } accept 23 tcp dport 6695-6699 accept 24 reject with icmpx type port-unreachable 25 } 26 chain forward { 27 type filter hook forward priority 0; policy drop; 28 } 29 chain output { 30 type filter hook output priority 0; policy accept; 31 } 32 }