[[oktatas:linux:tuzfal:netfilter:nftables|< nftables]]

====== nftables egyszerűen ======

  * **Szerző:** Sallai András
  * Copyright (c) Sallai András, 2022
  * Licenc: [[https://creativecommons.org/licenses/by-sa/4.0/|CC Attribution-Share Alike 4.0 International]]
  * Web: https://szit.hu

===== Tábla =====

  nft add table filter

===== Lánc =====

  nft add chain inet filter input

===== Szabály =====

  nft add rule inet filter input tcp dport ssh accept

  nft add rule inet filter input tcp dport http accept

  nft add rule inet filter input drop


===== config =====

<code>
table inet filter {
    chain input {
        tcp dport 22 accept
        tcp dport 80 accept
        drop
    }
}
</code>


===== Példa =====

<code bash /etc/nftables.conf>
table inet filter {
    chain input {
        type filter hook input priority 0;
        iifname lo accept
        tcp dport 22 accept
        log prefix "---ELDOB---"
        drop
    }
    chain forward {
        type filter hook forward pirority 0;
    }
    chain output {
        type filter hook output pirority 0;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr 191.168.10.0/24 oif "enp0s8" masquerade
    }
}
</code>