45.2.2. Supported nftables script formats

The nftables scripting environment supports scripts in the following formats:

  • You can write a script in the same format in which the nft list ruleset command displays the rule set:

    #!/usr/sbin/nft -f
    
    # Flush the rule set
    flush ruleset
    
    table inet example_table {
      chain example_chain {
        # Chain for incoming packets that drops all packets that
        # are not explicitly allowed by any rule in this chain
        type filter hook input priority 0; policy drop;
    
        # Accept connections to port 22 (ssh)
        tcp dport ssh accept
      }
    }
  • You can use the same syntax for the commands as in nft:

    #!/usr/sbin/nft -f
    
    # Flush the rule set
    flush ruleset
    
    # Create a table
    add table inet example_table
    
    # Create a chain for incoming packets that drops all packets
    # that are not explicitly allowed by any rule in this chain
    add chain inet example_table example_chain { type filter hook input priority 0 ; policy drop ; }
    
    # Add a rule that accepts connections to port 22 (ssh)
    add rule inet example_table example_chain tcp dport ssh accept
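Both formats express the same policy, and in practice a ruleset is often generated from a short allowlist rather than written by hand. The following Python snippet is an added example, not Red Hat's code or part of the nftables project: it renders one constructed allowlist of TCP services into either format shown above, keeping flush ruleset at the top so that loading the file with nft -f replaces the whole rule set atomically, and offers a check_script() helper that syntax-checks the result with nft -c -f (check mode, which applies nothing). The table and chain names default to the page's example_table and example_chain; the service list is constructed for the example.

```python
"""Render one nftables policy in both script formats (added example).

This is not Red Hat's code. It turns an allowlist of TCP services into
either the 'nft list ruleset' style (nested blocks) or the 'nft' command
style (one 'add ...' per line). Both outputs start with 'flush ruleset',
so applying the file with 'nft -f' swaps the rule set in one transaction.
"""
import os
import shutil
import subprocess
import tempfile

# Constructed allowlist: service names as nft resolves them via /etc/services.
DEFAULT_SERVICES = ["ssh"]


def render_list_style(services, table="example_table", chain="example_chain"):
    """Nested-block format, as printed by 'nft list ruleset'."""
    lines = [
        "#!/usr/sbin/nft -f",
        "",
        "# Flush the rule set",
        "flush ruleset",
        "",
        f"table inet {table} {{",
        f"  chain {chain} {{",
        "    # Drop everything not explicitly allowed below",
        "    type filter hook input priority 0; policy drop;",
        "",
    ]
    for svc in services:
        lines.append(f"    # Accept connections to {svc}")
        lines.append(f"    tcp dport {svc} accept")
    lines += ["  }", "}", ""]
    return "\n".join(lines)


def render_command_style(services, table="example_table", chain="example_chain"):
    """One 'add ...' command per line, the syntax accepted by the nft CLI."""
    lines = [
        "#!/usr/sbin/nft -f",
        "",
        "# Flush the rule set",
        "flush ruleset",
        "",
        f"add table inet {table}",
        f"add chain inet {table} {chain} "
        "{ type filter hook input priority 0 ; policy drop ; }",
    ]
    for svc in services:
        lines.append(f"add rule inet {table} {chain} tcp dport {svc} accept")
    lines.append("")
    return "\n".join(lines)


def check_script(text):
    """Syntax-check a script with 'nft -c -f' without applying it.

    Returns True when nft accepts the script, False when it rejects it, and
    None when the nft binary is not installed on this host. Run it as root:
    check mode still talks to the kernel to validate the commands.
    """
    if shutil.which("nft") is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".nft", delete=False) as fh:
        fh.write(text)
        path = fh.name
    try:
        result = subprocess.run(["nft", "-c", "-f", path],
                                capture_output=True, text=True)
        return result.returncode == 0
    finally:
        os.unlink(path)


if __name__ == "__main__":
    script = render_command_style(DEFAULT_SERVICES)
    print(script)
    print("nft -c result:", check_script(script))
```

The workflow this supports is: generate the script, run nft -c -f on it as root, and only then load it with nft -f. Because the file begins with flush ruleset, a syntax error caught by the check never leaves the host with a half-replaced rule set.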