dbxe
/
fusionpbx-install.sh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create nftables.sh 

Add the start of an nftables script. Will need additional work.
This commit is contained in:
FusionPBX 2021-01-22 14:26:32 -07:00 committed by GitHub
parent 5699784e94
commit 94fd2d4d39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
debian/resources/nftables.sh vendored Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#add the includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring nftables"
#run iptables commands
nft add rule ip filter INPUT iifname "lo" counter accept
nft add rule ip filter INPUT ct state related,established counter accept
nft add rule ip filter INPUT tcp dport 22 counter accept
nft add rule ip filter INPUT tcp dport 80 counter accept
nft add rule ip filter INPUT tcp dport 443 counter accept
nft add rule ip filter INPUT tcp dport 7443 counter accept
nft add rule ip filter INPUT tcp dport 5060-5091 counter accept
nft add rule ip filter INPUT udp dport 5060-5091 counter accept
nft add rule ip filter INPUT udp dport 16384-32768 counter accept
nft add rule ip filter INPUT icmp type echo-request counter accept
nft add rule ip filter INPUT udp dport 1194 counter accept
nft add rule ip mangle OUTPUT udp sport 16384-32768 counter ip dscp set 0x2e
nft add rule ip mangle OUTPUT tcp sport 5060-5091 counter ip dscp set 0x1a
nft add rule ip mangle OUTPUT udp sport 5060-5091 counter ip dscp set 0x1a