Skip to content

Instantly share code, notes, and snippets.

@dearing

dearing/firewall.json

Created May 12, 2015 06:17
Show Gist options
  • Save dearing/e8b2afb596c4489e1c33 to your computer and use it in GitHub Desktop.
Save dearing/e8b2afb596c4489e1c33 to your computer and use it in GitHub Desktop.
Download ZIP
$ nft export > firewall.json
Raw
firewall.json
{
"nftables": [
{
"table": {
"name": "nat",
"family": "ip",
"flags": 0,
"use": 2
}
},
{
"table": {
"name": "firewall",
"family": "inet",
"flags": 0,
"use": 1
}
},
{
"chain": {
"name": "prerouting",
"handle": 1,
"bytes": 47719399,
"packets": 396384,
"table": "nat",
"family": "ip",
"use": 0,
"type": "nat",
"hooknum": "prerouting",
"prio": 0,
"policy": "accept"
}
},
{
"chain": {
"name": "postrouting",
"handle": 2,
"bytes": 0,
"packets": 0,
"table": "nat",
"family": "ip",
"use": 1,
"type": "nat",
"hooknum": "postrouting",
"prio": 0,
"policy": "accept"
}
},
{
"chain": {
"name": "incoming",
"handle": 1,
"bytes": 0,
"packets": 0,
"table": "firewall",
"family": "inet",
"use": 10,
"type": "filter",
"hooknum": "input",
"prio": 0,
"policy": "accept"
}
},
{
"set": {
"name": "set0",
"table": "firewall",
"flags": 3,
"family": "inet",
"key_type": 26,
"key_len": 4,
"set_elem": [
{
"key": {
"reg": {
"type": "value",
"len": 4,
"data0": "0x00000004"
}
}
},
{
"key": {
"reg": {
"type": "value",
"len": 4,
"data0": "0x00000002"
}
}
}
]
}
},
{
"rule": {
"family": "ip",
"table": "nat",
"chain": "postrouting",
"handle": 3,
"expr": [
{
"type": "masq"
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 2,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "l4proto"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000006"
}
}
},
{
"type": "payload",
"dreg": 1,
"offset": 13,
"len": 1,
"base": "transport"
},
{
"type": "bitwise",
"sreg": 1,
"dreg": 1,
"len": 1,
"mask": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000003"
}
},
"xor": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000000"
}
}
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000003"
}
}
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "drop"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 3,
"position": 2,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "l4proto"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000006"
}
}
},
{
"type": "payload",
"dreg": 1,
"offset": 13,
"len": 1,
"base": "transport"
},
{
"type": "bitwise",
"sreg": 1,
"dreg": 1,
"len": 1,
"mask": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000006"
}
},
"xor": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000000"
}
}
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000006"
}
}
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "drop"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 4,
"position": 3,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "l4proto"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000006"
}
}
},
{
"type": "payload",
"dreg": 1,
"offset": 13,
"len": 1,
"base": "transport"
},
{
"type": "bitwise",
"sreg": 1,
"dreg": 1,
"len": 1,
"mask": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x0000003f"
}
},
"xor": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000000"
}
}
},
{
"type": "cmp",
"sreg": 1,
"op": "lt",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000001"
}
}
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "drop"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 5,
"position": 4,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "l4proto"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000006"
}
}
},
{
"type": "payload",
"dreg": 1,
"offset": 13,
"len": 1,
"base": "transport"
},
{
"type": "bitwise",
"sreg": 1,
"dreg": 1,
"len": 1,
"mask": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x0000003f"
}
},
"xor": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000000"
}
}
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000029"
}
}
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "drop"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 6,
"position": 5,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "nfproto"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000002"
}
}
},
{
"type": "payload",
"dreg": 1,
"offset": 9,
"len": 1,
"base": "network"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 1,
"data0": "0x00000001"
}
}
},
{
"type": "limit",
"rate": 10,
"unit": 1
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "accept"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 7,
"position": 6,
"expr": [
{
"type": "ct",
"dreg": 1,
"key": "state"
},
{
"type": "lookup",
"set": "set0",
"sreg": 1
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "accept"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 8,
"position": 7,
"expr": [
{
"type": "ct",
"dreg": 1,
"key": "state"
},
{
"type": "bitwise",
"sreg": 1,
"dreg": 1,
"len": 4,
"mask": {
"reg": {
"type": "value",
"len": 4,
"data0": "0x00000001"
}
},
"xor": {
"reg": {
"type": "value",
"len": 4,
"data0": "0x00000000"
}
}
},
{
"type": "cmp",
"sreg": 1,
"op": "neq",
"data": {
"reg": {
"type": "value",
"len": 4,
"data0": "0x00000000"
}
}
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "drop"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 9,
"position": 8,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "iifname"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 16,
"data0": "0x00006f6c",
"data1": "0x00000000",
"data2": "0x00000000",
"data3": "0x00000000"
}
}
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "accept"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 10,
"position": 9,
"expr": [
{
"type": "meta",
"dreg": 1,
"key": "iif"
},
{
"type": "cmp",
"sreg": 1,
"op": "eq",
"data": {
"reg": {
"type": "value",
"len": 4,
"data0": "0x00000003"
}
}
},
{
"type": "counter",
"pkts": 3797,
"bytes": 288842
},
{
"type": "immediate",
"dreg": 0,
"data": {
"reg": {
"type": "verdict",
"verdict": "accept"
}
}
}
]
}
},
{
"rule": {
"family": "inet",
"table": "firewall",
"chain": "incoming",
"handle": 11,
"position": 10,
"expr": [
{
"type": "log",
"prefix": "REJECT: ",
"level": 4
},
{
"type": "counter",
"pkts": 139710,
"bytes": 18580772
},
{
"type": 2,
"code": 1
}
]
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment