roles/common: Retab nftables.conf.j2

2021-07-27 22:03:23 +03:00 · 2021-07-27 22:03:23 +03:00 · 8bc2b6f493
parent a74d6dfc08
commit 8bc2b6f493
1 changed files with 16 additions and 16 deletions
--- a/roles/common/templates/nftables.conf.j2
+++ b/roles/common/templates/nftables.conf.j2
@ -13,20 +13,20 @@ include "/etc/nftables/spamhaus-ipv6.nft"
 #   - tables hold chains, chains hold rules
 #   - inet is for both ipv4 and ipv6
 table inet filter {
-	set spamhaus-ipv4 {
-		type ipv4_addr
+    set spamhaus-ipv4 {
+        type ipv4_addr
        # if the set contains prefixes we need to use the interval flag
        flags interval
-		elements = $SPAMHAUS_IPV4
-	}
+        elements = $SPAMHAUS_IPV4
+    }

-	set spamhaus-ipv6 {
-		type ipv6_addr
+    set spamhaus-ipv6 {
+        type ipv6_addr
        flags interval
-		elements = $SPAMHAUS_IPV6
-	}
+        elements = $SPAMHAUS_IPV6
+    }

-	chain input {
+    chain input {
        type filter hook input priority 0;

        # Allow traffic from established and related packets.
@ -74,14 +74,14 @@ table inet filter {

        # everything else
        reject with icmpx type port-unreachable
-	}
-	chain forward {
-		type filter hook forward priority 0;
-	}
-	chain output {
-		type filter hook output priority 0;
+    }
+    chain forward {
+        type filter hook forward priority 0;
+    }
+    chain output {
+        type filter hook output priority 0;
        # Drop outgoing packets matching the spamhaus sets too
        ip daddr @spamhaus-ipv4 counter drop
        ip6 daddr @spamhaus-ipv6 counter drop
-	}
+    }
 }