networking:nftables
networking:nftables [2023/09/03 08:50] oscar
networking:nftables [2023/09/03 17:35] (current) [Links] oscar

Similar to a table, all operational commands (add, delete, list, flush) can be applied to a chain, and a chain can additionally be renamed. A chain is declared with the keyword chain, a name, and a block enclosed in curly brackets. A base chain, the kind that actually receives packets from netfilter, must also declare a type (filter, nat or route), a hook (for the ip, ip6 and inet families: prerouting, input, forward, output or postrouting) and a priority (an integer; chains with a lower priority on the same hook run first). Its policy (accept or drop) is optional and defaults to accept. A regular chain, which is only reached through jump or goto, declares none of these and has no policy. The syntax is shown in the next figure.

<code>
table <family> <name> {
    chain <chain-name> {
        type <type> hook <hook> priority <priority>; policy <policy>;
    }
}
</code>
==== Chain Types ====
^Type^Description^

|return|Return from the current chain and continue at the next rule of the last chain. In a base chain, it is equivalent to accept.|
|goto <chain>|Similar to jump, but the current position is not pushed onto the call stack: when the rules in <chain> are exhausted, evaluation continues at the last chain (the one that called the current chain), not at the rule after the goto. When goto is used in a base chain, the base chain's policy decides the packet once <chain> is exhausted.|
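The following ruleset is an added example, not code from the original page, that puts the chain syntax from the previous section and the verdict statements of this table side by side: one base chain with type, hook, priority and policy, two regular chains that are only reachable through jump and goto, and an explicit return. The table name inet filter, the chain names ssh_guard and log_drop, and the management prefix 192.0.2.0/24 are constructed for this example. The dry-run check needs nft installed and root; otherwise it is skipped.

```shell
#!/bin/sh
# Added example (not from the original page): base chain vs regular chains,
# and how jump, goto and return differ once the target chain runs out of rules.
# Assumed names (constructed for this example): table inet filter,
# chains input, ssh_guard, log_drop; management network 192.0.2.0/24.
set -eu

# Print the ruleset text.
#   jump   -> when ssh_guard ends (or hits "return"), evaluation resumes at the
#             rule after the jump in "input".
#   goto   -> when log_drop ends, evaluation does NOT come back to "input";
#             the base chain policy (drop) decides the packet.
#   return -> in a regular chain goes back to the caller; in a base chain it
#             would be equivalent to accept.
ruleset_text() {
    cat <<'EOF'
table inet filter {
    # regular chain: no type/hook/priority/policy, only reachable via jump/goto
    chain ssh_guard {
        ip saddr 192.0.2.0/24 accept
        # explicit return (the same thing happens implicitly at end of chain)
        return
    }

    # regular chain used as a goto target: rate-limited logging, no verdict
    chain log_drop {
        limit rate 5/second log prefix "nft-drop: "
    }

    # base chain: attached to the input hook, default deny
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert } accept

        # jump: after ssh_guard returns, the next rule here drops other SSH clients
        tcp dport 22 jump ssh_guard
        tcp dport 22 drop

        # goto: control never comes back, so after log_drop the policy applies
        goto log_drop
    }
}
EOF
}

# Names of the base chains in the ruleset: a chain is a base chain exactly
# when it declares a hook, so the regular chains above are not listed.
base_chains() {
    ruleset_text | awk '/^ *chain /{name=$2} /hook /{print name}'
}

# Dry-run the ruleset with nft -c (parses and validates without loading).
# Requires nft and CAP_NET_ADMIN; reports "skipped" when either is missing.
check_ruleset() {
    tmp=$(mktemp)
    ruleset_text > "$tmp"
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        if nft -c -f "$tmp"; then
            echo "ruleset OK: $tmp"
        else
            echo "nft -c rejected $tmp" >&2
            return 1
        fi
    else
        echo "nft not available as root; check skipped, ruleset written to $tmp"
    fi
}

# Stand-alone use: show the ruleset and dry-run it when possible.
ruleset_text
check_ruleset || echo "fix the errors above before loading with nft -f" >&2
```

Load it for real with `ruleset_text | nft -f -` as root. To see the goto semantics, add a rule after `goto log_drop` in the input chain: it is never evaluated, because control does not return from log_drop.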

===== Query Commands =====
In the commands below, family_type is the address family of the table (ip, ip6, inet, arp, bridge or netdev). If it is omitted, nft assumes ip.

=== Ruleset ===
The current ruleset can be printed with:
  # nft list ruleset
Remove the entire ruleset, that is every table in every family together with its chains, sets and rules, including tables created by other programs. This leaves the system with no firewall at all:
  # nft flush ruleset

=== Tables ===
To list all tables:
  # nft list tables
To list all chains and rules of a specified table:
  # nft list table family_type table_name
To delete a table. This destroys everything in it: all chains, rules, sets and maps:
  # nft delete table family_type table_name
To flush (clear) all rules from a table. The table and its chains, including the hook and policy of each base chain, stay in place, so until new rules are loaded a base chain passes or drops everything according to its policy alone:
  # nft flush table family_type table_name

=== Chains ===
To list all rules of a chain:
  # nft list chain family_type table_name chain_name
To delete a chain. The chain must not contain any rules and must not be used as a jump or goto target:
  # nft delete chain family_type table_name chain_name
To flush all rules from a chain, keeping the chain itself (and, for a base chain, its hook and policy):
  # nft flush chain family_type table_name chain_name
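The flush commands above are not atomic when typed one after another: between `nft flush table` and the command that loads the new rules, every base chain in the table enforces only its policy. The following added example, which is not code from the original page, builds the standard nftables idiom for an atomic reload instead: the flush and the new table definition go into one file, and `nft -f` applies that file as a single transaction. The table inet filter and its rules are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): replace the rules of one table
# atomically. A file passed to "nft -f" is applied as one transaction, so
# "flush table" followed by the new definition in the same file never leaves
# a window in which the chains are empty.
# Assumed table and rules (constructed for this example): inet filter.
set -eu

FAMILY=inet
TABLE=filter

# Desired contents of the table (constructed sample rules).
table_body() {
    cat <<'EOF'
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        tcp dport { 22, 443 } accept
    }
EOF
}

# One transaction, in this order:
#   1. add table   - creates the table if it does not exist yet (no-op otherwise),
#                    so the following flush cannot fail on a fresh system;
#   2. flush table - removes the current rules of this table only, not the
#                    whole ruleset, so tables of other tools are untouched;
#   3. table {...} - the new definition.
reload_transaction() {
    printf 'add table %s %s\n' "$FAMILY" "$TABLE"
    printf 'flush table %s %s\n' "$FAMILY" "$TABLE"
    printf 'table %s %s {\n' "$FAMILY" "$TABLE"
    table_body
    printf '}\n'
}

# Apply the transaction: dry-run with nft -c first so a typo is caught before
# anything is sent to the kernel, then load, then show the result with rule
# handles (-a), which later delete/replace commands refer to.
apply_reload() {
    tmp=$(mktemp)
    reload_transaction > "$tmp"
    if ! command -v nft >/dev/null 2>&1 || [ "$(id -u)" -ne 0 ]; then
        echo "nft not available as root; transaction written to $tmp, not applied" >&2
        return 0
    fi
    nft -c -f "$tmp" || { echo "dry run failed, nothing changed" >&2; return 1; }
    nft -f "$tmp"
    nft -a list table "$FAMILY" "$TABLE"
}

# Stand-alone use: "sh reload.sh" prints the transaction; "sh reload.sh apply"
# loads it (as root).
case "${1:-}" in
    apply) apply_reload ;;
    *) reload_transaction ;;
esac
```

Because the whole file is one transaction, a syntax error in the table body also leaves the old rules in place: nft applies either all of the file or none of it.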
  
  
===== Links =====
  * [[https://wiki.nftables.org/wiki-nftables/index.php/Main_Page|wiki.nftables.org]]
  * [[https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes|Quick Reference]]
  * [[https://wiki.archlinux.org/title/nftables|ArchLinux-nftables]]
networking/nftables.1693731033.txt.gz · Last modified: by oscar