403Webshell
Server IP : 104.21.38.3  /  Your IP : 162.158.190.93
Web Server : Apache
System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/share/doc/nftables/examples/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/doc/nftables/examples/ct_helpers.nft
#!/usr/sbin/nft -f

# This example file shows how to use ct helpers in the nftables framework.
# Note that nftables includes interesting improvements compared to how this
# was done with iptables, such as loading multiple helpers with a single rule
# This script is meant to be loaded with `nft -f <file>`
# You require linux kernel >= 4.12 and nft >= 0.8
# For up-to-date information please visit https://wiki.nftables.org

# Using ct helpers is an important security feature when doing stateful
# firewalling, since it mitigate certain networking attacks.
# More info at: https://home.regit.org/netfilter-en/secure-use-of-helpers/


flush ruleset
table inet filter {
	# declare helpers of this table
	ct helper ftp-standard {
		type "ftp" protocol tcp;
		l3proto inet
	}
	ct helper sip-5060 {
		type "sip" protocol udp;
		l3proto inet
	}
	ct helper tftp-69 {
		type "tftp" protocol udp
		l3proto inet
	}

	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related accept

		# assign a single helper in a single rule
		tcp dport 21 ct helper set "ftp-standard"

		# assign multiple helpers in a single rule
		ct helper set udp dport map {
	                        69 : "tftp-69", \
		                5060 : "sip-5060" }
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit