1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
#!/bin/bash
set -e
RULESET='table inet t {
chain ack_chain {}
chain urg_chain {}
chain c {
tcp flags & (syn | rst | ack | urg) == ack | urg
tcp flags & (fin | syn | rst | ack | urg) == fin | ack | urg
tcp flags & (fin | syn | rst | ack | urg) == fin | ack
tcp flags & (fin | syn | rst | ack | urg) == fin
tcp flags & (fin | syn | rst | ack | urg) == syn | ack
tcp flags & (fin | syn | rst | ack | urg) == syn
tcp flags & (fin | syn | rst | ack | urg) == rst | ack
tcp flags & (fin | syn | rst | ack | urg) == rst
tcp flags & (fin | syn | rst | ack | urg) == ack | urg
tcp flags & (fin | syn | rst | ack | urg) == ack
tcp flags & (rst | ack | urg) == rst | ack
tcp flags & (ack | urg) == ack jump ack_chain
tcp flags & (ack | urg) == urg jump urg_chain
}
}'
$NFT -o -f - <<< $RULESET
|
