netfilter Cheat Sheet

Syntax

nft list tables
nft list chains

nft add    <table|chain|rule> ...
nft list   <table|chain|rule> ...
nft flush  <table|chain|rule> ...
nft delete <table|chain|rule> ...

List rules with their handles (the numbers needed to insert at a position or delete a single rule)

nft list ruleset -a

Check rules for syntax errors

nft --check -f /etc/nftables/sio-firewall.nft

Simple Example

Create a new table, a base chain hooked on input, and allow loopback traffic:

nft add table    inet table1
nft create chain inet table1 chain1 { type filter hook input priority 0\; }
nft add rule     inet table1 chain1 iif lo accept

Allow packets belonging to existing connections (including replies to outbound traffic), as well as new SSH connections

nft add rule     inet table1 chain1 ct state established,related accept
nft add rule     inet table1 chain1 tcp dport 22 ct state new accept

Default drop. Either append an unconditional drop rule as the last rule of the chain, as below, or create the base chain with policy drop; in both cases rule order matters, so the accept rules must come before the drop, and a lo/SSH accept appended after it is never reached.

nft add rule     inet table1 chain1 drop
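The whole Simple Example as one declarative ruleset file, added here as an illustration (it is not the page's sio-firewall.nft and the file name below is an assumption). It goes slightly beyond the step-by-step commands: the drop is expressed as the base chain policy rather than a trailing rule, invalid conntrack state is dropped, ICMP/ICMPv6 is allowed so path MTU discovery and IPv6 neighbour discovery keep working under a drop policy, and what reaches the policy is logged at a limited rate. Validate with nft --check -f and load with nft -f.

```nft
#!/usr/sbin/nft -f
# Added example of the Simple Example as a ruleset file (assumed path:
# /etc/nftables/example.nft); not the original page's configuration.
# Check:  nft --check -f /etc/nftables/example.nft
# Load:   nft -f /etc/nftables/example.nft

# Atomic replace: removes every currently loaded table, including tables
# created by other tools, so only use this for a machine-wide ruleset.
flush ruleset

table inet table1 {
    chain chain1 {
        # Base chain on the input hook; the chain policy is the default
        # verdict, so no trailing "drop" rule is needed.
        type filter hook input priority 0; policy drop;

        # Loopback
        iif lo accept

        # Existing connections and their related flows; drop conntrack garbage
        ct state established,related accept
        ct state invalid drop

        # ICMP and ICMPv6: ping, PMTU discovery, IPv6 neighbour discovery
        meta l4proto { icmp, icmpv6 } accept

        # New inbound SSH
        tcp dport 22 ct state new accept

        # Everything else hits the policy; log a sample of it first
        limit rate 5/minute log prefix "chain1 drop: "
    }
}
```

Rules inside a chain block are evaluated top to bottom exactly like rules added one by one with nft add rule, so the order shown is the order that matters.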

Advanced

Inject rule at position. <number> is the rule handle shown by nft list ruleset -a, not a line number. "add ... position" places the new rule after that handle, "insert ... position" before it; newer nft spells the same thing with the keyword handle instead of position.

nft add    rule inet table1 chain1 position <number> <rule>
nft insert rule inet table1 chain1 position <number> <rule>

Convert iptables to nftables

Check out iptables-translate

Debug rule changes

nft monitor               # Reports all rule changes live
nft monitor new tables
nft monitor destroy rules

SIO Firewall rules

The rules live in /etc/nftables/sio-firewall.nft. They are pulled in by /etc/sysconfig/nftables.conf, the file the nftables service loads at boot, which contains:

include "/etc/nftables/sio-firewall.nft"

After editing, run the syntax check from above before reloading the nftables service; a ruleset that fails to load leaves the host without the firewall.
