1 2 3 4 5 6 7 8 9 10 11 12
#!/sbin/nft -f flush ruleset table inet filter { chain input { tcp flags and syn == syn|ack drop tcp flags and (syn|ack|fin|rst) == syn drop tcp flags and (syn|ack|fin|rst) == syn|ack drop } }