nftables block ping
This is my very first nftables configuration. It blocks ping from other machines, lets me ping other machines, and allows ping to 127.0.0.1.
The script uses base chains with a default policy and the jump statement to hand ICMP off to separate chains. Here is what I learned:
flush ruleset
# allow icmp out, block incoming
# (family "ip" means only IPv4 ICMP is matched here; ICMPv6 is not touched by this table)
table ip filter {
    chain input {
        type filter hook input priority 0; policy accept;
        jump icmp_input        # run the ICMP rules, then fall through to the chain policy
    }
    chain output {
        type filter hook output priority 0; policy accept;
        jump icmp_output
        return                 # in a base chain, return means "apply the policy" (accept)
    }
    chain icmp_input {
        ip daddr 127.0.0.1 icmp type echo-request accept   # ping to loopback is allowed
        icmp type echo-request drop                        # every other incoming ping is dropped
        icmp type echo-reply accept                        # replies to our own pings come back in
        return                 # redundant: a regular chain returns to its caller when its rules run out
    }
    chain icmp_output {
        icmp type echo-request accept                      # we may ping other machines
        return
    }
}
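To make the three cases above observable rather than just assumed, here is an added shell helper (my own example, not part of the original post) that emits the same ruleset with a `counter` on every ICMP rule, syntax-checks it with `nft -c -f` without loading it, and, when run as root with `live`, loads it, pings loopback and an optional peer, and prints the per-rule counters so you can see which rule each packet hit. The `nft` and `ping` invocations assume an iputils `ping` and a Linux host with nftables; the generator and the counter check themselves need neither.

```shell
#!/bin/sh
# Added example, not from the original post. Rebuilds the post's ruleset with
# counters so each accept/drop path can be verified from the command line.
# Assumptions: iputils ping (-c/-W flags), nft installed, root for "live".

# Emit the ruleset. Each ICMP rule carries "counter" so hits show up in
# `nft list chain ...` output.
gen_ruleset() {
    cat <<'EOF'
flush ruleset
table ip filter {
    chain input {
        type filter hook input priority 0; policy accept;
        jump icmp_input
    }
    chain output {
        type filter hook output priority 0; policy accept;
        jump icmp_output
    }
    chain icmp_input {
        ip daddr 127.0.0.1 icmp type echo-request counter accept
        icmp type echo-request counter drop
        icmp type echo-reply counter accept
    }
    chain icmp_output {
        icmp type echo-request counter accept
    }
}
EOF
}

# Number of rules that carry a counter (sanity check on the generated text).
count_counters() {
    gen_ruleset | grep -c ' counter '
}

# Parse/validate the ruleset without applying it. Returns nft's exit status,
# or 2 when nft is not installed so a caller can tell "skipped" from "failed".
check_ruleset() {
    command -v nft >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    gen_ruleset >"$tmp"
    nft -c -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Load the ruleset, exercise each path, then print the counters. Needs root.
#   - ping 127.0.0.1 should increment the loopback accept rule
#   - ping <peer> should increment icmp_output (request) and the echo-reply accept
#   - a ping from another host should increment the drop rule
verify_live() {
    peer=${1:-}                         # optional: a host you may ping
    gen_ruleset | nft -f - || return 1
    ping -c 1 -W 1 127.0.0.1 >/dev/null 2>&1 || true
    if [ -n "$peer" ]; then
        ping -c 1 -W 1 "$peer" >/dev/null 2>&1 || true
    fi
    nft list chain ip filter icmp_input
    nft list chain ip filter icmp_output
}

case "${1:-}" in
    check) check_ruleset ;;
    live)  verify_live "${2:-}" ;;
esac
```

Run `sh verify_ping.sh check` to validate syntax, or `sudo sh verify_ping.sh live 192.0.2.10` (example address) to load and exercise it. Two things the counters will make visible: the table is family `ip`, so `ping6`/ICMPv6 echo requests from another host are not dropped and never touch these counters, and `ping localhost` may resolve to `::1` rather than `127.0.0.1`, in which case the loopback rule is not what accepts it. Covering IPv6 would need an `inet` table with matching `icmpv6 type echo-request` rules.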