Start nftables and enable it at boot
systemctl start nftables
systemctl enable nftables
Modify the default configuration file (/etc/nftables.conf)

#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        # Default policy must be drop for the accept rules below to matter;
        # the distribution default is "policy accept", which allows everything.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # Keep this port on whatever service you manage the host over (here 2233)
        tcp dport 2233 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
Save the configuration file and apply it
sudo nft -f /etc/nftables.conf
Check the active rules
sudo nft list ruleset
Allow TCP or UDP traffic on a given port
sudo nft add rule inet filter input tcp dport 12345 accept
sudo nft add rule inet filter input udp dport 12345 accept
Allow TCP or UDP traffic on a given port from a single IP address only
sudo nft add rule inet filter input ip saddr 192.0.2.1 tcp dport 12345 accept
sudo nft add rule inet filter input ip saddr 192.0.2.1 udp dport 12345 accept
sudo nft add rule inet filter input ip6 saddr 2001:db8::1 tcp dport 12345 accept
sudo nft add rule inet filter input ip6 saddr 2001:db8::1 udp dport 12345 accept
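The per-host, per-port rules above are easy to mistype by hand (wrong address family, port out of range). As an added example that is not part of the original post, this POSIX sh script generates them in nft -f syntax from "host,port" pairs so they can be reviewed before being applied; the function names (addr_family, valid_port, allow_host_port, gen_rules) are this example's own, and the sample addresses are the documentation addresses used in the post.

```shell
#!/bin/sh
# Emit "add rule" lines for a list of host,port pairs, picking
# "ip saddr" or "ip6 saddr" by address family and rejecting bad ports.
# Nothing is applied here; review the output, then feed it to nft -f.

# Print "ip" for an IPv4 literal and "ip6" for anything with a colon.
addr_family() {
    case "$1" in
        *:*) echo ip6 ;;
        *)   echo ip ;;
    esac
}

# Accept only a decimal TCP/UDP port in 1-65535; return 1 otherwise.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one accept rule each for TCP and UDP, in the form the post uses.
allow_host_port() {
    host=$1
    port=$2
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    fam=$(addr_family "$host")
    for proto in tcp udp; do
        echo "add rule inet filter input $fam saddr $host $proto dport $port accept"
    done
}

# Batch form: each argument is "host,port". Output is nft -f syntax,
# so it can be saved to a file and applied with: sudo nft -f FILE
gen_rules() {
    for spec in "$@"; do
        allow_host_port "${spec%,*}" "${spec#*,}" || return 1
    done
}

# Constructed sample input (documentation addresses, as in the post).
gen_rules 192.0.2.1,12345 2001:db8::1,12345
```

Pipe the output into `sudo nft -f -` only after confirming the management port (2233 in the config above) is still accepted, since the input chain policy is drop.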
Unless otherwise stated, all articles on this blog are licensed under
CC BY-NC-SA 4.0
. When reposting, please credit Shimamura!