Nftables console: Difference between revisions
(The page was newly created: „*nft add table inet filter *nft list ruleset table inet filter { }“)
|||
| Zeile 1: | Zeile 1: | ||
| − | *nft add | + | =Create a basic IPv4 table= |
| − | *nft list | + | *nft add table inet filter |
| + | =List that table= | ||
| + | *nft list table inet filter | ||
table inet filter { | table inet filter { | ||
} | } | ||
| + | =Create a chain for input,output,forward traffic IPv4= | ||
| + | *nft add chain inet filter input { type filter hook input priority 0\; } | ||
| + | *nft add chain inet filter output { type filter hook output priority 0\; } | ||
| + | *nft add chain inet filter forward { type filter hook forward priority 0\; } | ||
| + | =Conntracking for input,output,forward= | ||
| + | *nft add rule filter input ct state established,related counter accept | ||
| + | *nft add rule filter output ct state established,related counter accept | ||
| + | *nft add rule filter forward ct state established,related counter accept | ||
| + | =loopback interface traffic is ok= | ||
| + | *nft add rule filter input iifname "lo" counter accept | ||
| + | *nft add rule filter output oifname "lo" counter accept | ||
| + | |||
| + | =A rule to check that ssh,http,https input is fine (IPv4)= | ||
| + | *nft add rule filter input tcp dport 22 counter accept | ||
| + | *nft add rule filter input tcp dport 80 counter accept | ||
| + | *nft add rule filter input tcp dport 443 counter accept | ||
| + | =A rule to check that output is fine (IPv4)= | ||
| + | *nft add rule filter output counter accept | ||
| + | =A rule to check that some forward is fine (IPv4)= | ||
| + | *nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 22 counter accept | ||
| + | *nft add rule filter forward iifname "ens19" oifname "ens18" tcp dport 443 counter accept | ||
| + | |||
| + | =List that table= | ||
| + | *nft list table inet filter | ||
| + | |||
| + | =Flush rules in chain filter/input= | ||
| + | *nft flush chain inet filter input | ||
| + | =Delete the chain filter/input= | ||
| + | *nft delete chain inet filter input | ||
| + | =Delete the table filter= | ||
| + | *nft delete table inet filter | ||
| + | =Links= | ||
| + | *https://wiki.nftables.org/wiki-nftables/index.php/Main_Page | ||
| + | *https://wiki.archlinux.org/index.php/nftables | ||
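Review bot: the `nft add rule filter input ...`, `filter output ...` and `filter forward ...` lines omit the address family, so nft looks for a table `ip filter`, while the table created at the top of the revision is `inet filter`; since no `ip filter` table exists, every one of these rule commands fails. Prefix them with the family, e.g. `nft add rule inet filter input ct state established,related counter accept`. Two smaller points in the same hunk: the headings call the table IPv4, but the `inet` family covers IPv4 and IPv6, and the chains are created without a `policy`, so their default policy is accept and the accept rules filter nothing until a drop policy is set.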
Revision as of 17 January 2023, 16:37
Create a basic IPv4 table
- nft add table inet filter
List that table
- nft list table inet filter
table inet filter {
}
Create chains for input, output and forward traffic (IPv4)
- nft add chain inet filter input { type filter hook input priority 0\; }
- nft add chain inet filter output { type filter hook output priority 0\; }
- nft add chain inet filter forward { type filter hook forward priority 0\; }
Connection tracking for input, output and forward
- nft add rule inet filter input ct state established,related counter accept
- nft add rule inet filter output ct state established,related counter accept
- nft add rule inet filter forward ct state established,related counter accept
Loopback interface traffic is OK
- nft add rule inet filter input iifname "lo" counter accept
- nft add rule inet filter output oifname "lo" counter accept
A rule to check that ssh, http and https input is fine (IPv4)
- nft add rule inet filter input tcp dport 22 counter accept
- nft add rule inet filter input tcp dport 80 counter accept
- nft add rule inet filter input tcp dport 443 counter accept
A rule to check that output is fine (IPv4)
- nft add rule inet filter output counter accept
A rule to check that some forward is fine (IPv4)
- nft add rule inet filter forward iifname "ens19" oifname "ens18" tcp dport 22 counter accept
- nft add rule inet filter forward iifname "ens19" oifname "ens18" tcp dport 443 counter accept
List that table
- nft list table inet filter
Flush rules in chain filter/input
- nft flush chain inet filter input
Delete the chain filter/input
- nft delete chain inet filter input
Delete the table filter
- nft delete table inet filter
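The console commands above collected into one file for `nft -f`, added here as an example and not part of the original page. The `inet` family is used throughout as the table itself is; the `policy drop` on input and forward, the `ct state invalid` drop and the port sets are my additions (the page creates chains with the default accept policy and one rule per port), and the interface names ens19/ens18 are taken from the page.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original page): the page's nft console commands
# as one script, so the whole ruleset is loaded atomically and can be re-applied.

# Make sure the table exists, then empty only this table. A plain
# "flush ruleset" would also remove tables owned by other tools.
table inet filter {}
flush table inet filter

table inet filter {
    chain input {
        # Assumption: "policy drop" is not on the page. Without it the chain
        # defaults to accept and the accept rules below filter nothing.
        type filter hook input priority 0; policy drop;

        # Connection tracking: replies to flows we already allowed
        ct state established,related counter accept
        # Assumption: drop packets conntrack cannot classify
        ct state invalid counter drop

        # Loopback interface traffic is OK
        iifname "lo" counter accept

        # ssh, http, https input is fine (page: one rule per port,
        # here one set with a shared counter)
        tcp dport { 22, 80, 443 } counter accept
    }

    chain output {
        # Output stays permissive, as on the page; rules only count traffic
        type filter hook output priority 0; policy accept;
        ct state established,related counter accept
        oifname "lo" counter accept
        counter accept
    }

    chain forward {
        # Assumption: drop everything not explicitly forwarded
        type filter hook forward priority 0; policy drop;
        ct state established,related counter accept
        # Some forward is fine: ens19 -> ens18 for ssh and https
        iifname "ens19" oifname "ens18" tcp dport { 22, 443 } counter accept
    }
}
```

Load it with `nft -f firewall.nft` and verify with `nft list table inet filter`; if the syntax is wrong nothing is applied, which is the advantage over entering the rules one by one.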