Initial commit

2024-05-09 22:45:53 +02:00 · 2024-05-09 22:45:53 +02:00 · 968d09e362
commit 968d09e362
88 changed files with 2323 additions and 0 deletions
--- a/contestops/config-nftables.conf
+++ b/contestops/config-nftables.conf
@ -0,0 +1,48 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+    chain input {
+        type filter hook input priority 0;
+
+        ct state invalid drop
+        ct state { established, related } accept
+
+        # Accept loopback
+        iif lo accept
+
+        # Accept ICMP
+        ip protocol icmp accept
+        ip6 nexthdr icmpv6 accept
+
+        # Accept incoming connections to these ports
+        tcp dport { ssh } accept
+
+        reject
+    }
+    chain forward {
+        type filter hook forward priority 0;
+        reject
+    }
+    chain output {
+        type filter hook output priority 0;
+
+        ct state invalid drop
+        ct state { established, related } accept
+
+        # Accept loopback
+        oif lo accept
+
+        # Accept outgoing connections to these addresses
+        ip daddr { 89.58.34.6 } tcp dport { https } accept
+        ip daddr { 89.58.34.6 } udp dport { ntp } accept
+        ip6 daddr { 2a03:4000:64:8::1 } tcp dport { https } accept
+        ip6 daddr { 2a03:4000:64:8::1 } udp dport { ntp } accept
+
+        # Accept any connections by root user
+        #meta skuid root accept
+
+        reject
+    }
+}