user-rules.nft
# User-editable allow rules for the "yuki" table. The table family is inet,
# so rules without an explicit ip/ip6 match apply to both IPv4 and IPv6.
# NOTE(review): user-ruleset declares no type/hook/priority, so it is a regular
# chain and is only evaluated when another chain jumps to it, presumably
# from the main ruleset; confirm.
table inet yuki {
chain user-ruleset {
# 🌐 Layer 4 — Transport Layer Rules
# Each rule below matches only the first packet of a connection (ct state new)
# and bumps a packet/byte counter before accepting. Later packets of the same
# connection must be accepted elsewhere (presumably by an established/related
# rule in the main ruleset; confirm).
# Keep the set of uncommented rules limited to services this host actually runs.
# Allow SSH by default
# This accepts new connections to port 22 from any source address, IPv4 and IPv6.
# To reduce exposure to password guessing, consider adding a source match
# (ip saddr / ip6 saddr) or a rate limit (limit rate) to this rule.
ct state new tcp dport 22 counter accept
# Minecraft server
#ct state new tcp dport 25565 counter accept
# SSH on port 2222
# If sshd is moved to 2222, comment out the port 22 rule above so that both
# ports are not left open.
#ct state new tcp dport 2222 counter accept
# Allow HTTP
#ct state new tcp dport 80 counter accept
# Allow HTTPS
#ct state new tcp dport 443 counter accept
# Allow WireGuard
#ct state new udp dport 51820 counter accept
# Allow OpenVPN [TCP]
#ct state new tcp dport 1194 counter accept
# Allow OpenVPN [UDP]
#ct state new udp dport 1194 counter accept
# Custom UDP port (12345)
#ct state new udp dport 12345 counter accept
# Custom TCP port (12345)
#ct state new tcp dport 12345 counter accept
# 🧱 Layer 3 — Network Layer Rules
# ⚠️ These will not work if the protocol filter is active (it is, by default) in the main ruleset.
# These rules have no ct state match, so once enabled they accept every packet
# of the protocol, not just the first packet of a flow.
# "ip protocol" matches IPv4 packets only, even in an inet table; the same
# protocol carried over IPv6 would need "meta l4proto" instead.
# Allow IGMP
#ip protocol igmp counter accept
# Allow GRE
#ip protocol gre counter accept
# Allow IPsec
#ip protocol ah counter accept
#ip protocol esp counter accept
}
}