Firewall - nftables blocks outbound traffic

926 views

I've got a VM at a hosting service and installed a basic firewall with nftables. However, when it is active, all outbound traffic seems to get blocked. For example, when trying to ping google.com, I get a "No route to host" error. This occurs for any host I try to ping.

Here's my (really basic) config:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # allow connection from loopback
    iifname lo accept;

    # established/related connections
    ct state {established, related} accept;

    # drop invalid connections
    ct state invalid drop;

    # allow ping
    ip protocol icmp icmp type echo-request accept;
    icmpv6 type echo-request accept;

    # allow ssh connection on port 22
    tcp dport 22 accept;

    # log everything that reaches this point before the chain policy drops it
    log flags all;
  }
  chain forward {
    type filter hook forward priority 0;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}

I just cannot figure out where my problem lies.

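An added example, not part of the question above: the `log flags all` rule in the posted ruleset writes every packet that reaches the end of the input chain to the kernel log, and summarising those lines by protocol and ICMP type is the quickest way to see what the `policy drop` is discarding. The log lines below are constructed in the kernel's nf_log key=value format, and the function names are mine.

```python
"""Summarise what an nftables `policy drop` input chain discards, from the
kernel log lines written by a `log flags all` rule (iptables-LOG KEY=value format)."""
import re
from collections import Counter

# Names follow nftables `icmpv6 type` keywords; 133-136 are neighbor/router
# discovery, which a host must accept on input to keep an IPv6 gateway reachable.
ICMPV6_TYPES = {128: "echo-request", 129: "echo-reply",
                133: "nd-router-solicit", 134: "nd-router-advert",
                135: "nd-neighbor-solicit", 136: "nd-neighbor-advert"}
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request"}
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines in the kernel's nf_log format, not from a real host.
LOG_LINES = [
    "kernel: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:11:22:33:86:dd "
    "SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ff11:2233 "
    "LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0",
    "kernel: IN=eth0 OUT= MAC=33:33:00:00:00:01:52:54:00:11:22:33:86:dd "
    "SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0000:0000:0001 "
    "LEN=104 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0",
    "kernel: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:00:00:5e:00:53:01:08:00 "
    "SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF "
    "PROTO=TCP SPT=40112 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0",
    "systemd[1]: Started Session 3 of user root.",  # not a packet log line
]

def parse_nft_log(line):
    """Return the KEY=value fields of one log line (empty dict if none)."""
    return dict(KV_RE.findall(line))

def classify(fields):
    """Reduce parsed fields to a (proto, detail) pair for grouping."""
    proto = fields.get("PROTO", "?")
    if proto in ("ICMPv6", "ICMP"):
        names = ICMPV6_TYPES if proto == "ICMPv6" else ICMP_TYPES
        t = int(fields.get("TYPE", -1))
        return proto, names.get(t, f"type {t}")
    if proto in ("TCP", "UDP"):
        return proto, "dport " + fields.get("DPT", "?")
    return proto, ""

def summarise(lines):
    """Count logged packets per (in-iface, proto, detail); skip other lines."""
    counts = Counter()
    for line in lines:
        f = parse_nft_log(line)
        if "IN" in f and "PROTO" in f:  # only firewall packet records
            counts[(f["IN"],) + classify(f)] += 1
    return counts
```

Feed it `journalctl -k` output from the host; a count against `nd-neighbor-solicit` or `nd-router-advert` means the chain is dropping the IPv6 control traffic the host needs to reach its gateway.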

There are 0 answers