{"body":"#!/usr/sbin/nft -f\r\r\r\rtable inet filter\r\rflush table inet filter\r\r\r\rdefine V4_NEIGHBORS = {\r\r  10.0.2.15,  # pretalx\r\r}\r\r\r\rdefine V6_NEIGHBORS = {\r\r}\r\r\r\rtable inet filter {\r\r    chain input {\r\r        type filter hook input priority 0;\r\r        iif lo accept\r\r        ct state established,related accept\r\r        icmp type echo-request counter accept\r\r        icmpv6 type echo-request counter accept\r\r        \r\r        ip saddr $V4_NEIGHBORS accept\r\r        ip6 saddr $V6_NEIGHBORS accept\r\r\r\r        # accept neighbour discovery otherwise connectivity breaks:\r\r        icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept\r\r        tcp dport { ssh, http, https, smtp, imap2, imaps} ct state new accept\r\r        \r\r        counter drop\r\r    }\r\r}\r\r","name":"","extension":"txt","url":"https://www.irccloud.com/pastebin/TszQbT45","modified":1712157415,"id":"TszQbT45","size":772,"lines":1,"own_paste":false,"theme":"","date":1712157415}