Rollback to inet family (for ipv4 and ipv6).
parent
2aafa3c320
commit
74d068a92c
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
### Features
|
### Features
|
||||||
* Manage nftables service at startup.
|
* Manage nftables service at startup.
|
||||||
|
* Rollback to inet family to manage both ipv4 and ipv6.
|
||||||
|
|
||||||
### Default Rules
|
### Default Rules
|
||||||
* Use more sets and vars definitions to avoid multiple rules.
|
* Use more sets and vars definitions to avoid multiple rules.
|
||||||
|
|
|
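Review bot: The new entry `* Rollback to inet family to manage both ipv4 and ipv6.` sits under Features, but for hosts already running the `ip` table it is a behaviour change: IPv6 traffic, which an `ip` family table never sees, will now traverse these chains. Consider flagging it as such in the changelog so that users review their rules for IPv6 before upgrading.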
@ -140,7 +140,7 @@ flush ruleset
|
||||||
|
|
||||||
include "/etc/nftables.d/defines.nft"
|
include "/etc/nftables.d/defines.nft"
|
||||||
|
|
||||||
table ip firewall {
|
table inet firewall {
|
||||||
chain global {
|
chain global {
|
||||||
# 000 state management
|
# 000 state management
|
||||||
ct state established,related accept
|
ct state established,related accept
|
||||||
|
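Review bot: In the documented `chain global`, the only rule visible after the family change is `ct state established,related accept`, and nothing in this hunk shows how IPv6 control traffic is handled now that the table is `inet`. ICMPv6 neighbour discovery does not match established or related state, so if any chain in the default ruleset drops unmatched packets, the README should show the explicit ICMPv6 accept rule alongside this one.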
@ -155,7 +155,7 @@ table ip firewall {
|
||||||
And you can get all rules and definitons by displaying the ruleset on the host : `$ nft list ruleset` :
|
And you can get all rules and definitons by displaying the ruleset on the host : `$ nft list ruleset` :
|
||||||
|
|
||||||
```
|
```
|
||||||
table ip firewall {
|
table inet firewall {
|
||||||
set blackhole {
|
set blackhole {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
|
elements = { 255.255.255.255, 224.0.0.1, 224.0.0.251}
|
||||||
|
|
|
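Review bot: The `blackhole` set in this sample output is still `type ipv4_addr` with only IPv4 broadcast and multicast elements, so inside `table inet firewall` it covers IPv4 only and the IPv6 counterparts (for example `ff02::1` and `ff02::fb`) are not in it. Either add a companion `ipv6_addr` set or state in the README that blackholing stays IPv4-only. Since this block is presented as `nft list ruleset` output, it would also be better regenerated from a host than edited by hand, and the context line above it has a typo ("definitons").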
@ -9,7 +9,7 @@ flush ruleset
|
||||||
|
|
||||||
include "/etc/nftables.d/defines.nft"
|
include "/etc/nftables.d/defines.nft"
|
||||||
|
|
||||||
table ip firewall {
|
table inet firewall {
|
||||||
chain global {
|
chain global {
|
||||||
{% for group, rules in globalmerged|dictsort %}
|
{% for group, rules in globalmerged|dictsort %}
|
||||||
# {{ group }}
|
# {{ group }}
|
||||||
|
|
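Review bot: The template changes only the table line to `table inet firewall`, while the rules rendered by `{% for group, rules in globalmerged|dictsort %}` are emitted unchanged, so any user-supplied rule without an `ip` or `ip6` qualifier now applies to both families. Suggest validating the rendered file with `nft -c -f` before the service is reloaded, and documenting that family-specific rules must use `ip ...` or `ip6 ...` matches in an `inet` table.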