From 7b5fedeb0b152e16f59771b6b2cbd74ba6b4ff28 Mon Sep 17 00:00:00 2001 From: huyjaky Date: Wed, 20 Aug 2025 14:54:25 +0700 Subject: [PATCH] chore: update readme --- README.md | 47 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ac4be6c..0710e1d 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ config mhz for gpu ignore tearing when inactivity ```bash sudo pacman -S lact ``` - --- ## SSH tunneling 
@@ -47,10 +46,50 @@ sudo pacman -S lact 2. uncomment `port 22` on file follow path `/etc/ssh/sshd_config` -> after that u can connect to ssh. it means u doesnt need add open port 22 -## Open port --> This is depend on your method firewall u have --> in my case, i have `nftables` + +## Open port + +-> This is depend on your method firewall u have +-> file config on `/etc/nftables.conf` +```bash +#!/usr/bin/nft -f +# vim:set ts=2 sw=2 et: + +# IPv4/IPv6 Simple & Safe firewall ruleset. +# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/. + +destroy table inet filter +table inet filter { + chain input { + type filter hook input priority filter + policy drop + + # ct state invalid drop comment "early drop of invalid connections" + ct state {established, related} accept comment "allow tracked connections" + iif lo accept comment "allow from loopback" + ip protocol icmp accept comment "allow icmp" + meta l4proto ipv6-icmp accept comment "allow icmp v6" + tcp dport ssh accept comment "allow sshd" + # pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited + + # WARNING: open port right here + tcp dport 8501-8509 accept + tcp dport 8511-8519 accept + tcp dport 8521-8529 accept + counter + } + chain forward { + type filter hook forward priority filter + policy drop + } +} +``` +-> after config run command `sudo nft -f /etc/nftables.conf` + + + +-> in my case, i have `nftables` - `sudo nft -a list chain inet filter input` : list current port and rule was accepted - `sudo nft add rule inet filter input tcp dport 8505 accept` : add open port (in case is 8505) - `sudo nft add rule inet filter input tcp dport '{ 8501-8509 }' accept` : add open port range
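Review bot: In the `chain input` block of the added `/etc/nftables.conf`, the three rules under `# WARNING: open port right here` accept traffic from any source over both IPv4 and IPv6, because the table is `inet` and the rules carry no address match. If these ports only need to be reachable from a known network, put a source match in front of the port match, for example `ip saddr 192.0.2.0/24 tcp dport 8501-8509 accept` (placeholder subnet), and state in the README what listens on these ranges. The three ranges can also be a single rule with an anonymous set, `tcp dport { 8501-8509, 8511-8519, 8521-8529 } accept`, which matches the set syntax already used in the `nft add rule` line further down. The `ct state invalid drop` line is commented out with no reason given; either enable it or note why it is disabled. The README should also say that `sudo nft -f /etc/nftables.conf` begins with `destroy table inet filter`, so any rule added earlier with `sudo nft add rule inet filter input ...` is discarded on reload unless it is also written into the file. Minor: the fence is tagged `bash` but holds an nft ruleset.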