mirror of https://github.com/pragma-/pbot.git synced 2024-11-17 17:39:43 +01:00
pbot/applets/pbot-vm/guest/bin/disable-network-nftables
Pragmatic Software 17b69f04ff
pbot-vm: massive refactor
* replace heartbeat with health-check
  * instead of steady stream of newlines every 5s, now awaits input
    and responds with `vmstat` output

* more reliably use host/config/vm-exec.json to get libvirt domain name
  for snapshot-revert, server address, serial ports, vagrant setting, etc

* use iptables/nftables to disable networking
  * added guest/bin/disable-network-[iptables,nftables]
  * added guest/bin/enable-network-[iptables,nftables]

* replace ugly ___OUTPUT___ texts in sh, bash, ksh, zsh languages

* documentation updates and tweaks
2024-04-10 01:21:18 -07:00


#!/bin/sh
# disables all incoming, outgoing and forwarded traffic except incoming/established SSH
nft add table ip filter
nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'
nft add chain ip filter OUTPUT '{ type filter hook output priority 0; policy drop; }'
nft 'add rule ip filter INPUT ct state related,established counter accept'
nft 'add rule ip filter INPUT tcp dport 22 counter accept'
nft 'add rule ip filter OUTPUT ct state related,established counter accept'
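An added example, not part of pbot: the same lockdown expressed as one nftables ruleset and committed with `nft -f -`, so the rules land atomically and there is no window in which INPUT already has policy drop but the established/SSH accept rules are not yet present; it also declares the FORWARD chain the header comment implies. The function names and the optional port argument are assumptions; applying it requires root and `nft`, while the text-generating function runs anywhere.

```shell
#!/bin/sh
# Added example (not pbot's own code): build the lockdown as a single
# nftables transaction. The "table / delete table / table {...}" opening
# makes the script re-runnable without duplicating rules, since the whole
# file is committed as one atomic operation.

# Emit the ruleset text; $1 is the inbound TCP port to keep open (default 22).
lockdown_ruleset() {
    port="${1:-22}"
    cat <<EOF
table ip filter
delete table ip filter
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state related,established counter accept
        tcp dport ${port} counter accept
    }
    chain FORWARD {
        type filter hook forward priority 0; policy drop;
    }
    chain OUTPUT {
        type filter hook output priority 0; policy drop;
        ct state related,established counter accept
    }
}
EOF
}

# Sanity check used before applying: the lockdown must drop by default in
# all three base chains (input, forward, output).
drop_chain_count() {
    lockdown_ruleset "$1" | grep -c 'policy drop'
}

# Parse-check with `nft -c` first, then commit the identical text.
apply_lockdown() {
    [ "$(drop_chain_count "$1")" -eq 3 ] || return 1
    lockdown_ruleset "$1" | nft -c -f - && lockdown_ruleset "$1" | nft -f -
}
```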