Suggest better defaults for /etc/nftables.conf

pitkley · Jan 7, 2024 · c2ad46f · c2ad46f
1 parent e35f79c
commit c2ad46f
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/docs/GETTING-STARTED-nftables.md b/docs/GETTING-STARTED-nftables.md
@@ -74,6 +74,12 @@
     table inet filter {
         chain input {
             type filter hook input priority 0; policy drop;
+  
+            # Ensure local traffic is accepted still
+            iif lo accept
+            # Allow established connections (e.g. responses to outgoing traffic)
+            ct state { established, related } accept
+            # Allow incoming SSH connections
             tcp dport 22 accept
         }
         chain forward {