Rename firewall table to filter table (most use on Debian).
parent ead7a337a0
commit 3e69865a56
|
@ -1,4 +1,7 @@
|
||||||
|
|
||||||
|
## v1.2.3
|
||||||
|
* Rename firewall table to filter table (most use on Debian).
|
||||||
|
|
||||||
## v1.2.2
|
## v1.2.2
|
||||||
|
|
||||||
### Fix
|
### Fix
|
||||||
|
|
|
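Review bot: the new v1.2.3 entry sits directly under the version heading, while v1.2.2 just below groups its entries under a `### Fix` subsection; put the entry under a matching subsection heading so the changelog stays consistent. The entry should also name both sides of the rename (`inet firewall` to `inet filter`), because anything that addresses the table by its old name has to be updated after this release.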
@ -158,7 +158,7 @@ flush ruleset
|
||||||
|
|
||||||
include "/etc/nftables.d/defines.nft"
|
include "/etc/nftables.d/defines.nft"
|
||||||
|
|
||||||
table inet firewall {
|
table inet filter {
|
||||||
chain global {
|
chain global {
|
||||||
# 000 state management
|
# 000 state management
|
||||||
ct state established,related accept
|
ct state established,related accept
|
||||||
|
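Review bot: the README example at `table inet filter {` now shows the new name, but nothing in this section tells a user coming from v1.2.2 that the table used to be `inet firewall`. Add one sentence next to the example noting the rename, since commands and rule files written against `inet firewall` will no longer match once the new ruleset is loaded.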
@ -173,7 +173,7 @@ table inet firewall {
|
||||||
And you can get all rules and definitons by displaying the ruleset on the host : `$ nft list ruleset` :
|
And you can get all rules and definitons by displaying the ruleset on the host : `$ nft list ruleset` :
|
||||||
|
|
||||||
```
|
```
|
||||||
table inet firewall {
|
table inet filter {
|
||||||
set blackhole {
|
set blackhole {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
|
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
|
||||||
|
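Review bot: the unchanged lead-in line above this listing still reads "definitons" and has stray spaces before the colons; since this hunk already edits the sample `nft list ruleset` output right below it, correct the spelling to "definitions" in the same commit.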
@ -243,7 +243,7 @@ nft_input_group_rules:
|
||||||
* The first run of a playbook may be long (~8 minutes) just after the (re)start of `nftables` service.
|
* The first run of a playbook may be long (~8 minutes) just after the (re)start of `nftables` service.
|
||||||
* Probably due to Ansible/OpenSSH Specific default Settings, the outgoing connections for Ansible/SSH will be blocked :
|
* Probably due to Ansible/OpenSSH Specific default Settings, the outgoing connections for Ansible/SSH will be blocked :
|
||||||
```
|
```
|
||||||
trace id d7c3a8dc inet firewall output packet: oif "ens18" ip saddr REMOTE_HOST ip daddr MY_HOST ip dscp 0x02 ip ecn not-ect ip ttl 64 ip id 56799 ip length 420 tcp sport ssh tcp dport 53922 tcp flags == 0x18 tcp window 1452
|
trace id d7c3a8dc inet filter output packet: oif "ens18" ip saddr REMOTE_HOST ip daddr MY_HOST ip dscp 0x02 ip ecn not-ect ip ttl 64 ip id 56799 ip length 420 tcp sport ssh tcp dport 53922 tcp flags == 0x18 tcp window 1452
|
||||||
```
|
```
|
||||||
* This only happen at the first run on new clean host. The next runs will works without any delay.
|
* This only happen at the first run on new clean host. The next runs will works without any delay.
|
||||||
|
|
||||||
|
|
|
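Review bot: in the trace sample only the table name changes, from `inet firewall output` to `inet filter output`, while the trace id `d7c3a8dc` and every packet field stay identical, so the line is no longer verbatim captured output. Either re-capture the trace against the renamed table or keep the original capture and mention the rename in the surrounding bullet. The neighbouring bullet ("This only happen ... will works") could have its grammar fixed at the same time.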
@ -9,7 +9,7 @@ flush ruleset
|
||||||
|
|
||||||
include "/etc/nftables.d/defines.nft"
|
include "/etc/nftables.d/defines.nft"
|
||||||
|
|
||||||
table inet firewall {
|
table inet filter {
|
||||||
chain global {
|
chain global {
|
||||||
{% for group, rules in globalmerged|dictsort %}
|
{% for group, rules in globalmerged|dictsort %}
|
||||||
# {{ group }}
|
# {{ group }}
|
||||||
|
|
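Review bot: the table name stays a literal in the template at `table inet filter {`, so the rename is forced on every host with no way to keep `firewall`. Consider exposing the name as a role variable that defaults to `filter` and using it both here and in the README examples. The `flush ruleset` at the top of this file means the old `inet firewall` table is dropped when the new ruleset loads, which is worth stating in the changelog entry.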