Delete settings
# nft flush ruleset
Creating a table
# nft create table mytable1
# nft list ruleset ip ##Confirmation
Creating a chain
# nft add chain ip mytable1 mychain1 { type filter hook input priority 0 \; }
# nft -a list chain ip mytable1 mychain1 ##Confirmation
ssh permission
# nft add rule mytable1 mychain1 tcp dport 22 accept
Check every time you add a rule
# nft -a list chain ip mytable1 mychain1
Rejection other than ssh
# nft add rule mytable1 mychain1 drop
Return communication is passed
# nft add rule mytable1 mychain1 handle 2 ct state related,established accept
icmp allow
# nft add rule mytable1 mychain1 handle 6 icmp type { echo-request, echo-reply } accept
8080 permit
# nft add rule mytable1 mychain1 handle 2 tcp dport 8080 ip saddr 192.168.11.0/24 accept
10050 permit
# nft add rule mytable1 mychain1 handle 10 tcp dport 10050 ip saddr 192.168.11.0/24 accept
Export settings
# nft list ruleset > ruleset.conf
Read settings
# nft -c ruleset.conf ##check
# nft -f ruleset.conf
Delete
##table deleted
# nft delete table mytable1
##Delete chain
# nft delete chain mytable1 mychain1
##Delete rules in the chain by specifying handle
# nft delete rule myrule1 mychain1 handle 11
activation
# systemctl enable nftables.service
# systemctl start nftables.service
# nft list ruleset > /etc/sysconfig/nftables.conf ##CentOS,For RHEL
#Restart the server and check if the settings are loaded.
https://knowledge.sakura.ad.jp/22636/ https://mimumimu.net/blog/2019/12/07/iptables-%E3%81%8B%E3%82%89-nftables-%E3%81%AB%E3%82%B5%E3%82%AF%E3%83%83%E3%81%A8%E5%88%87%E3%82%8A%E6%9B%BF%E3%81%88%E3%82%8B/