Rename firewall table to filter table (most use on Debian).

Jeremy Gardais 2018-02-06 15:50:31 +01:00
parent ead7a337a0
commit 3e69865a56
3 changed files with 7 additions and 4 deletions


@ -1,4 +1,7 @@
## v1.2.3
* Rename firewall table to filter table (most use on Debian).
## v1.2.2 ## v1.2.2
### Fix ### Fix
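Review bot: the new v1.2.3 entry does not tell users that the rename is visible to anything that addresses the table by name. Suggest adding that rule files or commands referencing `inet firewall` must be switched to `inet filter`, and rewording "(most use on Debian)" to something like "the name most commonly used on Debian" so the reason is clear. The entry also sits directly under the version heading, while v1.2.2 uses a `### Fix` subsection; a matching subsection heading would keep the changelog consistent.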


@ -158,7 +158,7 @@ flush ruleset
include "/etc/nftables.d/defines.nft" include "/etc/nftables.d/defines.nft"
table inet firewall { table inet filter {
chain global { chain global {
# 000 state management # 000 state management
ct state established,related accept ct state established,related accept
@ -173,7 +173,7 @@ table inet firewall {
And you can get all rules and definitons by displaying the ruleset on the host: `$ nft list ruleset`: And you can get all rules and definitons by displaying the ruleset on the host: `$ nft list ruleset`:
``` ```
table inet firewall { table inet filter {
set blackhole { set blackhole {
type ipv4_addr type ipv4_addr
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251} elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
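Review bot: the sentence just above this example still reads "definitons" and ends with a colon after the inline `$ nft list ruleset` command. Since the example output is being touched anyway, fix the spelling to "definitions" and drop the duplicated punctuation in the same change.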
@ -243,7 +243,7 @@ nft_input_group_rules:
* The first run of a playbook may be long (~8 minutes) just after the (re)start of `nftables` service. * The first run of a playbook may be long (~8 minutes) just after the (re)start of `nftables` service.
* Probably due to Ansible/OpenSSH Specific default Settings, the outgoing connections for Ansible/SSH will be blocked: * Probably due to Ansible/OpenSSH Specific default Settings, the outgoing connections for Ansible/SSH will be blocked:
``` ```
trace id d7c3a8dc inet firewall output packet: oif "ens18" ip saddr REMOTE_HOST ip daddr MY_HOST ip dscp 0x02 ip ecn not-ect ip ttl 64 ip id 56799 ip length 420 tcp sport ssh tcp dport 53922 tcp flags == 0x18 tcp window 1452 trace id d7c3a8dc inet filter output packet: oif "ens18" ip saddr REMOTE_HOST ip daddr MY_HOST ip dscp 0x02 ip ecn not-ect ip ttl 64 ip id 56799 ip length 420 tcp sport ssh tcp dport 53922 tcp flags == 0x18 tcp window 1452
``` ```
* This only happen at the first run on new clean host. The next runs will works without any delay. * This only happen at the first run on new clean host. The next runs will works without any delay.
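Review bot: the trace excerpt updated here shows an `output` hook packet with `tcp sport ssh` and `tcp flags == 0x18`, which is reply traffic on an existing SSH session, while the bullet above it describes "outgoing connections" being blocked. The excerpt also stops before the verdict line, so a reader cannot see which rule made the decision, or why the `ct state established,related accept` rule in the global chain did not match. Suggest including the verdict line from the trace and tightening the wording of the bullet; "This only happen" and "will works" in the last bullet could be corrected at the same time.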


@ -9,7 +9,7 @@ flush ruleset
include "/etc/nftables.d/defines.nft" include "/etc/nftables.d/defines.nft"
table inet firewall { table inet filter {
chain global { chain global {
{% for group, rules in globalmerged|dictsort %} {% for group, rules in globalmerged|dictsort %}
# {{ group }} # {{ group }}
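Review bot: the table name on the `table inet filter {` line is still a literal in the template, and this commit shows the cost of that: the same string had to be changed here and in three places in the documentation. Please confirm that no other task, handler or included file under `/etc/nftables.d` still refers to `inet firewall`, since only one template is touched. The `flush ruleset` in the hunk header means the old table disappears on reload, so a leftover reference would fail to load rather than silently keep the old table alive. Consider taking the name from a role variable so a future rename is a one-line change.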