# Dual-stack (inet) table that dispatches packets to per-service chains through
# two verdict maps. As shown, no rule or map element leads to a drop: the only
# drop sits in log_and_drop, reachable only via other_input, which nothing
# visible here references.
table inet filter {
	# Verdict map keyed on the destination port alone.
	# "flags timeout" allows elements that expire; gc-interval sets how often
	# expired elements are collected. The element listed here has no timeout,
	# so it does not expire.
	map portmap {
		type inet_service : verdict
		flags timeout
		gc-interval 10s
		elements = { 22 : jump ssh_input }
	}
	# Verdict map keyed on the concatenation (IPv4 destination address,
	# transport-header destination port). The key is IPv4-only, so it cannot
	# hold an entry for IPv6 destinations.
	map portaddrmap {
		typeof ip daddr . th dport : verdict
		flags timeout
		gc-interval 10s
		elements = { 1.2.3.4 . 22 : jump ssh_input }
	}
	# Regular chain with no rules. A "jump" here returns straight to the caller,
	# so both map entries above currently neither accept nor drop port 22.
	chain ssh_input {
	}
	# Terminal chain: drops the packet.
	# NOTE(review): despite the name there is no "log" statement, so drops taken
	# through this chain leave no record - confirm whether that is intended.
	chain log_and_drop {
		drop
	}
	# Hands the packet to log_and_drop with "goto" (no return to the caller).
	# Not referenced by any rule or map element visible in this table.
	chain other_input {
		goto log_and_drop
	}
	# Dispatch chain: the address+port lookup runs first, then the port-only one.
	# A map miss yields no verdict and evaluation continues with the next rule;
	# after the last rule control returns to the caller.
	chain wan_input {
		# "ip daddr" restricts this rule to IPv4 and "tcp dport" to TCP, so IPv6
		# and non-TCP traffic skip the lookup even though the key uses "th dport".
		ip daddr . tcp dport vmap @portaddrmap
		# Port-only lookup; applies to TCP over both IPv4 and IPv6.
		tcp dport vmap @portmap
	}
	# Base chain on the prerouting hook at priority "raw", i.e. ahead of
	# connection tracking. Policy is accept, so anything without a terminal
	# verdict passes.
	chain prerouting {
		type filter hook prerouting priority raw; policy accept;
		# Only packets whose input interface is "lo" are sent to wan_input; every
		# other interface misses the map and falls through to the accept policy.
		# NOTE(review): a chain named wan_input bound to loopback looks like a
		# test fixture rather than a deployable policy - confirm before reuse.
		iif vmap { "lo" : jump wan_input }
	}
}