bundles/nftables: add feature to block ips

2024-01-21 11:44:13 +01:00 · 2024-01-21 11:44:13 +01:00 · bb56f0fb9a
commit bb56f0fb9a
parent ee58509e93
2 changed files with 9 additions and 0 deletions
--- a/bundles/nftables/files/nftables.conf
+++ b/bundles/nftables/files/nftables.conf
@ -14,6 +14,13 @@ table inet filter {

        iif lo accept

+% for address in sorted(blocked_v4):
+        ip saddr ${address} drop
+% endfor
+% for address in sorted(blocked_v6):
+        ip6 saddr ${address} drop
+% endfor
+
        icmp type timestamp-request drop
        icmp type timestamp-reply drop
        ip protocol icmp accept