Il ne faut pas accepter dans les chaines from

2019-01-10 00:17:02 +01:00 · 2019-01-10 00:17:02 +01:00 · f7269696c7
commit f7269696c7
parent 230d583110
1 changed files with 2 additions and 2 deletions
--- a/zones/dmz.nft
+++ b/zones/dmz.nft
@ -47,8 +47,8 @@ table inet firewall {
 	}

 	chain from_dmz {
-		ip saddr . tcp dport @dmz_allowed_tcp_out accept;
-		ip saddr . udp dport @dmz_allowed_udp_out accept;
+		not ip saddr . tcp dport @dmz_allowed_tcp_out drop;
+		not ip saddr . udp dport @dmz_allowed_udp_out drop;
 	}

 }