[LINUX] nft command memo of nf_tables (CentOS8)

Delete settings (flushes the entire ruleset: all tables, chains and rules)

# nft flush ruleset

Creating a table (when no family is given, nft assumes the ip family)

# nft create table mytable1
# nft list ruleset ip ## confirm

Creating a chain (a base chain hooked to input with priority 0)

# nft add chain ip mytable1 mychain1 { type filter hook input priority 0 \; }
# nft -a list chain ip mytable1 mychain1 ## confirm (-a also prints the rule handles)

Allow ssh

# nft add rule mytable1 mychain1 tcp dport 22 accept

Check the handles every time you add a rule (the handle numbers below refer to this output)

# nft -a list chain ip mytable1 mychain1

Drop everything other than ssh (a final rule with no match condition drops all remaining packets)

# nft add rule mytable1 mychain1 drop

Allow return traffic (add rule ... handle 2 appends the new rule after the rule whose handle is 2, so it lands before the drop rule)

# nft add rule mytable1 mychain1 handle 2 ct state related,established accept

Allow ICMP echo request/reply (appended after the rule with handle 6)

# nft add rule mytable1 mychain1 handle 6 icmp type { echo-request, echo-reply } accept

Allow port 8080 from 192.168.11.0/24 only (appended after the rule with handle 2)

# nft add rule mytable1 mychain1 handle 2 tcp dport 8080 ip saddr 192.168.11.0/24 accept

Allow port 10050 from 192.168.11.0/24 only (appended after the rule with handle 10)

# nft add rule mytable1 mychain1 handle 10 tcp dport 10050 ip saddr 192.168.11.0/24 accept

Export settings

# nft list ruleset > ruleset.conf

Load settings

# nft -c ruleset.conf ## dry-run syntax check only, nothing is applied
# nft -f ruleset.conf

Delete

## delete a table (and everything in it)
# nft delete table mytable1

## delete a chain
# nft delete chain mytable1 mychain1

## delete a rule in the chain by specifying its handle
# nft delete rule mytable1 mychain1 handle 11

Enable at boot

# systemctl enable nftables.service
# systemctl start nftables.service
# nft list ruleset > /etc/sysconfig/nftables.conf ## for CentOS / RHEL
## Reboot the server and confirm the settings are loaded.
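The handle-based commands above build the policy one rule at a time, and the handle numbers only make sense against your own `nft -a list` output. The same policy can be written once as a declarative ruleset file, checked with `nft -c -f`, and loaded with `nft -f` (or saved as /etc/sysconfig/nftables.conf for the boot-time load). The script below is an added example, not the memo's own commands: it writes that file and offers two small checks on it. Table and chain names and the 192.168.11.0/24 network are the memo's; the output path is whatever you pass as the first argument, and the `iif lo accept` rule goes beyond the memo (without it, a final `drop` also rejects connections from the host to its own services over loopback).

```shell
#!/bin/sh
# Added example: the memo's policy as one declarative nftables ruleset.
# Assumptions: table/chain names from the memo, output path given by the caller,
# `iif lo accept` added for loopback (not in the memo).

# write_ruleset FILE  - write the complete ruleset to FILE
write_ruleset() {
    cat > "$1" <<'EOF'
flush ruleset

table ip mytable1 {
    chain mychain1 {
        type filter hook input priority 0; policy accept;

        # loopback (addition beyond the memo: local services keep working)
        iif lo accept

        # return traffic for connections this host or its clients already opened
        ct state related,established accept

        # ssh
        tcp dport 22 accept

        # ping request/reply
        icmp type { echo-request, echo-reply } accept

        # application ports, only from the local LAN
        ip saddr 192.168.11.0/24 tcp dport { 8080, 10050 } accept

        # everything else (same effect as the memo's trailing drop rule)
        drop
    }
}
EOF
}

# ruleset_has FILE TEXT  - exit 0 if TEXT appears literally in FILE
ruleset_has() {
    grep -q -F -- "$2" "$1"
}

# last_rule FILE  - print the last rule line (skips blanks, comments, braces, the type line)
last_rule() {
    awk '!/^[[:space:]]*(#|$)/ && !/[{}]/ && !/^[[:space:]]*type / { r = $0 }
         END { sub(/^[[:space:]]+/, "", r); print r }' "$1"
}

# check_ruleset FILE  - dry-run parse with nft when it is installed
check_ruleset() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not installed; skipping syntax check" >&2
        return 0
    fi
    nft -c -f "$1"
}

# usage: sh ruleset.sh /etc/sysconfig/nftables.conf   (then: nft -f that file)
if [ -n "$1" ]; then
    write_ruleset "$1" && check_ruleset "$1"
fi
```

Because the file starts with `flush ruleset`, loading it replaces whatever is currently active, so the order of rules in the file is the order that applies; keep the `drop` last and run `nft -c -f` before `nft -f` on a remote host.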

Referenced sites

https://knowledge.sakura.ad.jp/22636/
https://mimumimu.net/blog/2019/12/07/iptables-%E3%81%8B%E3%82%89-nftables-%E3%81%AB%E3%82%B5%E3%82%AF%E3%83%83%E3%81%A8%E5%88%87%E3%82%8A%E6%9B%BF%E3%81%88%E3%82%8B/
