Collection of information and hyperlinks for hinoshiba/ShungoKumasaka
nftables

  1. Install nft
    1. Disable ufw
      1. sudo ufw disable
      2. sudo systemctl stop ufw
      3. sudo systemctl disable ufw
      4. reboot
    2. sudo apt install nftables
    3. sudo update-alternatives --config iptables
      • Select nftables
    4. sudo vim /etc/nftables.conf
       #!/usr/sbin/nft -f
       flush ruleset
      
       table inet filter {
         chain input {
           type filter hook input priority 0; policy drop;
      
           iifname "lo" counter accept
      
           ct state established,related counter accept
      
           ct state new tcp dport 22 counter accept
         }
      
         chain forward {
           type filter hook forward priority 0; policy drop;
         }
      
         chain output {
           type filter hook output priority 0; policy accept;
         }
       }
      
    5. Start and enable
      • sudo systemctl enable --now nftables
    6. Verify operation
      • sudo nft list ruleset
      • sudo iptables --version
        • iptables v1.8.4 (nf_tables)
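As an added example (not part of the original notes), the following Python script is a small lint for the /etc/nftables.conf written above: it parses the chain blocks, checks that the input and forward hooks keep a default-drop policy, that loopback and established/related traffic are accepted, and lists any TCP ports accepted beyond SSH. The ruleset from the page is embedded as sample input, and a constructed weaker variant (input policy accept plus an extra open port) shows what a failing check looks like. The parser only understands the subset of nft syntax used here, not the full nft grammar.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# The ruleset from the page's /etc/nftables.conf, embedded as sample input.
PAGE_RULESET = """\
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    iifname "lo" counter accept

    ct state established,related counter accept

    ct state new tcp dport 22 counter accept
  }

  chain forward {
    type filter hook forward priority 0; policy drop;
  }

  chain output {
    type filter hook output priority 0; policy accept;
  }
}
"""

# Constructed weaker variant: input policy accept and one extra accepted port.
WEAK_RULESET = PAGE_RULESET.replace(
    "hook input priority 0; policy drop;", "hook input priority 0; policy accept;"
).replace(
    "ct state new tcp dport 22 counter accept",
    "ct state new tcp dport 22 counter accept\n\n    tcp dport 3389 accept",
)


@dataclass
class Chain:
    name: str
    hook: Optional[str] = None
    policy: Optional[str] = None
    rules: List[str] = field(default_factory=list)


def parse_chains(text: str) -> Dict[str, Chain]:
    """Extract chain name, hook, policy and rule lines from an nft script (subset of the grammar)."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"chain\s+(\S+)\s*\{", line)
        if m:
            current = Chain(m.group(1))
            chains[current.name] = current
            continue
        if line == "}":
            current = None  # closes a chain (or the table; harmless either way)
            continue
        if current is None:
            continue  # table header, flush ruleset, etc.
        m = re.match(r"type\s+\w+\s+hook\s+(\w+).*?policy\s+(\w+)\s*;", line)
        if m:
            current.hook, current.policy = m.group(1), m.group(2)
        else:
            current.rules.append(line)
    return chains


def accepted_tcp_ports(chain: Chain) -> Set[int]:
    """TCP destination ports that some rule in the chain explicitly accepts."""
    ports: Set[int] = set()
    for rule in chain.rules:
        if rule.endswith("accept"):
            for m in re.finditer(r"tcp\s+dport\s+(\d+)", rule):
                ports.add(int(m.group(1)))
    return ports


def lint(text: str) -> List[str]:
    """Return findings for the host-firewall policy above; an empty list means all checks pass."""
    chains = parse_chains(text)
    findings: List[str] = []
    by_hook = {c.hook: c for c in chains.values() if c.hook}
    for hook in ("input", "forward"):
        c = by_hook.get(hook)
        if c is None:
            findings.append(f"no chain hooks {hook}")
        elif c.policy != "drop":
            findings.append(f"{hook} chain policy is {c.policy}, expected drop")
    inp = by_hook.get("input")
    if inp is not None:
        if not any('iifname "lo"' in r and r.endswith("accept") for r in inp.rules):
            findings.append("input chain does not accept loopback traffic")
        if not any("established,related" in r and r.endswith("accept") for r in inp.rules):
            findings.append("input chain does not accept established,related")
        extra = accepted_tcp_ports(inp) - {22}
        if extra:
            findings.append(f"input accepts tcp ports beyond 22: {sorted(extra)}")
    return findings


if __name__ == "__main__":
    print("page ruleset:", lint(PAGE_RULESET) or "OK")
    print("weak ruleset:", lint(WEAK_RULESET))
```

Run it before `sudo nft -f /etc/nftables.conf` as a cheap sanity check on edits; `nft -c -f /etc/nftables.conf` still does the authoritative syntax check, since this lint only recognises the constructs used in this file.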