Il ne faut pas accepter dans les chaines from

7 years ago · f7269696c7
1 changed files with 2 additions and 2 deletions
--- a/zones/dmz.nft
+++ b/zones/dmz.nft
@ -47,8 +47,8 @@ table inet firewall {
 	}

 	chain from_dmz {
-		ip saddr . tcp dport @dmz_allowed_tcp_out accept;
-		ip saddr . udp dport @dmz_allowed_udp_out accept;
+		not ip saddr . tcp dport @dmz_allowed_tcp_out drop;
+		not ip saddr . udp dport @dmz_allowed_udp_out drop;
 	}

 }