Add libvirt support and update Makefile - nftablesconf

commit 14ad6ec8b8ec8c543bca24208d0a35db08b8d8f3
parent ae8b700c0023ac521514231c979e0be25628ba20
Author: Robert Russell <robert@rr3.xyz>
Date:   Mon,  7 Oct 2024 10:28:07 -0700

Add libvirt support and update Makefile

Diffstat:
M Makefile  | 1 +
M nftables.conf  | 6 ++++++

2 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/Makefile b/Makefile
@@ -2,3 +2,4 @@
 
 install: nftables.conf
 	cp nftables.conf /etc/nftables.conf
+	nft -f /etc/nftables.conf
diff --git a/nftables.conf b/nftables.conf
@@ -5,6 +5,7 @@ table inet firewall {
 		type filter hook input priority filter; policy drop;
 
 		meta iif lo accept
+		meta iif virbr0 accept
 		ct state invalid drop
 		ct state established,related accept
 		meta l4proto icmp accept
@@ -15,6 +16,11 @@ table inet firewall {
 
 	chain forward {
 		type filter hook forward priority filter; policy drop;
+
+		meta iif virbr0 accept
+		meta oif virbr0 accept
+
+		counter comment "Count everything else"
 	}
 
 	chain output {

	nftablesconf minimal nftables.conf
	git clone git://git.rr3.xyz/nftablesconf
	Log \| Files \| Refs