Nftables old shit: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „ *Nftabels Grundlagen *Nftables Filter =Install= *apt-get install nftables =Create a basic IPv4 table= *nft add table inet filter =List that table= *n…“) |
|||
| Zeile 32: | Zeile 32: | ||
*nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 22 counter accept | *nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 22 counter accept | ||
*nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 443 counter accept | *nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 443 counter accept | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=List that table= | =List that table= | ||
Aktuelle Version vom 17. Januar 2023, 16:36 Uhr
Install
- apt-get install nftables
Create a basic IPv4 table
- nft add table inet filter
List that table
- nft list table inet filter
table inet filter {
}
Create a chain for input,output,forward traffic IPv4
- nft add chain inet filter input { type filter hook input priority 0\; }
- nft add chain inet filter output { type filter hook output priority 0\; }
- nft add chain inet filter forward { type filter hook forward priority 0\; }
Conntracking for input,output,forward
- nft add rule filter input ct state established,related counter accept
- nft add rule filter output ct state established,related counter accept
- nft add rule filter forward ct state established,related counter accept
loopback interface traffic is ok
- nft add rule filter input iifname "lo" counter accept
- nft add rule filter output oifname "lo" counter accept
A rule to check that ssh,http,https input is fine (IPv4)
- nft add rule filter input tcp dport 22 counter accept
- nft add rule filter input tcp dport 80 counter accept
- nft add rule filter input tcp dport 443 counter accept
A rule to check that output is fine (IPv4)
- nft add rule filter output counter accept
A rule to check that some forward is fine (IPv4)
- nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 22 counter accept
- nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 443 counter accept
List that table
- nft list table inet filter
Flush rules in chain filter/input
- nft flush chain inet filter input
Delete the chain filter/input
- nft delete chain inet filter input
Delete the table filter
- nft delete table inet filter