chore: update readme

README.md

@@ -39,7 +39,6 @@ config mhz for gpu ignore tearing when inactivity
 ```bash
 sudo pacman -S lact
 ```
-
 ---
 
 ## SSH tunneling 
@@ -47,10 +46,50 @@ sudo pacman -S lact
 2. uncomment `port 22` on file follow path `/etc/ssh/sshd_config`
 -> after that u can connect to ssh. it means u doesnt need add open port 22 
 
-## Open port 
--> This is depend on your method firewall u have 
--> in my case, i have `nftables` 
 
+
+## Open port 
+
+-> This is depend on your method firewall u have 
+-> file config on `/etc/nftables.conf`
+```bash
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+# IPv4/IPv6 Simple & Safe firewall ruleset.
+# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
+
+destroy table inet filter
+table inet filter {
+  chain input {
+    type filter hook input priority filter
+    policy drop
+
+    # ct state invalid drop comment "early drop of invalid connections"
+    ct state {established, related} accept comment "allow tracked connections"
+    iif lo accept comment "allow from loopback"
+    ip protocol icmp accept comment "allow icmp"
+    meta l4proto ipv6-icmp accept comment "allow icmp v6"
+    tcp dport ssh accept comment "allow sshd"
+    # pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+
+    # WARNING: open port right here
+    tcp dport 8501-8509 accept
+    tcp dport 8511-8519 accept
+    tcp dport 8521-8529 accept
+    counter
+  }
+  chain forward {
+    type filter hook forward priority filter
+    policy drop
+  }
+}
+```
+-> after config run command `sudo nft -f /etc/nftables.conf`
+
+
+
+-> in my case, i have `nftables` 
 - `sudo nft -a list chain inet filter input` : list current port and rule was accepted 
 - `sudo nft add rule inet filter input tcp dport 8505 accept` : add open port (in case is 8505)
 - `sudo nft add rule inet filter input tcp dport '{ 8501-8509 }' accept` : add open port range