# IPv4-only table "test" holding a single chain "test".
# The chain has no "type ... hook ... priority" line, so it is a regular chain:
# it is evaluated only when another chain jumps or goes to it, and it carries
# no default policy of its own.
# Rules run top to bottom; the first accept/drop verdict ends evaluation, so
# the order below decides which rules can ever match.
# NOTE(review): reads like a syntax sample rather than a deployable policy;
# confirm before reusing it as a filter.
table ip test {
chain test {
# Accept packets whose IPv4 source address is exactly 127.0.0.1.
ip saddr 127.0.0.1 accept
# Accept everything received on the loopback interface ("iif" matches by
# interface index, "iifname" would match by name).
iif "lo" accept
# Drop every TCP packet whose destination port is not 22. Non-TCP traffic does
# not match and continues. From here on, the only TCP traffic left is dport 22.
tcp dport != 22 drop
# Accept any source in the loopback /8 (superset of the first rule).
ip saddr 127.0.0.0/8 accept
# Accept any source in the inclusive range 127.0.0.1-192.168.7.3.
# NOTE(review): this range is far wider than loopback plus one private subnet;
# it spans a large part of the publicly routable IPv4 space.
ip saddr 127.0.0.1-192.168.7.3 accept
# Drop TCP packets sent from a source port in 1-1023.
tcp sport 1-1023 drop
# Accept packets addressed to either member of this anonymous set.
ip daddr { 192.168.7.1, 192.168.7.5 } accept
# Accept TCP to port 80 or 443.
# NOTE(review): unreachable as written, because "tcp dport != 22 drop" above
# has already dropped every TCP packet to these ports.
tcp dport { 80, 443 } accept
# Concatenation match: accept only when the pair (destination address,
# TCP destination port) equals 192.168.0.1 . 22.
ip daddr . tcp dport { 192.168.0.1 . 22 } accept
# Set the packet mark from an anonymous map keyed on destination address;
# the only entry maps 192.168.0.1 to mark 0x1. This rule carries no verdict.
meta mark set ip daddr map { 192.168.0.1 : 0x00000001 }
# Accept packets that conntrack classifies as established or related.
# NOTE(review): placed last, so return traffic of existing flows is still
# subject to the drop rules above; a stateful filter usually puts this first.
ct state { established, related } accept
}
}