Migrating from iptables to nftables

2022-06-16  cloudFans

Dump the existing rules to a file with iptables-save, then import that file:


% iptables-save  > iptables.txt
% iptables-nft-restore < iptables.txt



% iptables-nft-save 
# Generated by xtables-save v1.6.0 (nf_tables) on Sat Dec 24 14:51:41 2016
*filter
:INPUT ACCEPT [19:1283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18:2487]
-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Dec 24 14:51:41 2016

% nft list ruleset
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
    }

    chain FORWARD {
        type filter hook forward priority 0; policy accept;
        ip protocol tcp tcp dport 22 ct state new counter packets 0 bytes 0 accept
    }

    chain OUTPUT {
        type filter hook output priority 0; policy accept;
    }
}
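
One way to confirm that the imported ruleset matches the original dump, as an added example that is not part of the original post: compare the legacy `iptables-save` file with the `iptables-nft-save` output after stripping the timestamps and counters that always differ. The function names `normalize_rules` and `rules_match` and the legacy sample dump are constructed for illustration.

```shell
# normalize_rules: read an iptables-save style dump on stdin and drop what
# differs between two dumps of one ruleset: "# Generated/Completed" comments,
# chain counters like "[19:1283]", "iptables-save -c" rule counters, blanks.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*]$/\1/' \
        -e 's/^\[[0-9]*:[0-9]*] //' \
        -e '/^[[:space:]]*$/d'
}

# rules_match LEGACY_DUMP NFT_DUMP: return 0 when both dumps hold the same
# tables, chain policies and rules in the same order; otherwise print a
# unified diff and return non-zero. Textual check: review each reported line.
rules_match() {
    tmp=$(mktemp -d) || return 2
    normalize_rules < "$1" > "$tmp/legacy"
    normalize_rules < "$2" > "$tmp/nft"
    diff -u "$tmp/legacy" "$tmp/nft"; rc=$?
    rm -rf "$tmp"; return "$rc"
}

# Constructed samples: a legacy dump of the ruleset above (timestamp and
# counters made up) and the iptables-nft-save output shown on this page.
sample_legacy() { cat <<'EOF'
# Generated by iptables-save v1.6.0 on Sat Dec 24 14:50:02 2016
*filter
:INPUT ACCEPT [412:30110]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [398:51276]
-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Dec 24 14:50:02 2016
EOF
}
sample_nft() { cat <<'EOF'
# Generated by xtables-save v1.6.0 (nf_tables) on Sat Dec 24 14:51:41 2016
*filter
:INPUT ACCEPT [19:1283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18:2487]
-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Dec 24 14:51:41 2016
EOF
}
# Demo on the samples; with real files: rules_match iptables.txt nft.txt
d=$(mktemp -d); sample_legacy > "$d/iptables.txt"; sample_nft > "$d/nft.txt"
rules_match "$d/iptables.txt" "$d/nft.txt" && echo "rulesets match"
rm -rf "$d"
```

On a real host, write the second file with `iptables-nft-save > nft.txt` after the restore and pass it together with `iptables.txt`; a non-zero status means a rule or chain policy did not carry over as written.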

Reference: https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
