一,清空一个链下面的规则
清空前:
[root@fedora ~]# nft -a list chain inet firewalld filter_IN_FedoraWorkstation_allow
table inet firewalld {
chain filter_IN_FedoraWorkstation_allow { # handle 52
ip6 daddr fe80::/64 udp dport 546 accept # handle 56
tcp dport 22 accept # handle 57
udp dport 137 ct helper set "helper-netbios-ns-udp" # handle 59
udp dport 137 accept # handle 60
udp dport 138 accept # handle 61
tcp dport 8081 accept # handle 337
ip daddr 224.0.0.251 udp dport 5353 accept # handle 62
ip6 daddr ff02::fb udp dport 5353 accept # handle 63
udp dport 1025-65535 accept # handle 64
tcp dport 1025-65535 accept # handle 65
}
}清空:
[root@fedora ~]# nft flush chain inet firewalld filter_IN_FedoraWorkstation_allow清空后:
[root@fedora ~]# nft -a list chain inet firewalld filter_IN_FedoraWorkstation_allow
table inet firewalld {
chain filter_IN_FedoraWorkstation_allow { # handle 52
}
}二,删除一个链
1,删除指定的链firewalld filter_IN_FedoraWorkstation_allow时报错,提示Device or resource busy
[root@fedora ~]# nft delete chain inet firewalld filter_IN_FedoraWorkstation_allow
Error: Could not process rule: Device or resource busy
delete chain inet firewalld filter_IN_FedoraWorkstation_allow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^因为我们使用的是firewalld的规则,不确定是否firewalld的原因
2, 我们自建一个表和链再测试:
创建表:
[root@fedora ~]# nft add table inet PubTable查看表:
[root@fedora ~]# nft list table inet PubTable
table inet PubTable {
}在表下创建链:
[root@fedora ~]# nft add chain inet PubTable pubchain_input '{type filter hook input priority 0; policy accept; }'查看链:
[root@fedora ~]# nft list chain inet PubTable pubchain_input
table inet PubTable {
chain pubchain_input {
type filter hook input priority filter; policy accept;
}
}在链下创建规则:
[root@fedora ~]# nft add rule inet PubTable pubchain_input tcp dport 8080 accept添加规则后再次查看链:
[root@fedora ~]# nft list chain inet PubTable pubchain_input
table inet PubTable {
chain pubchain_input {
type filter hook input priority filter; policy accept;
tcp dport 8080 accept
}
}3, 这一次我们测试删除自建的链:
[root@fedora ~]# nft delete chain inet PubTable pubchain_input删除成功了,我们再次查看链下规则:
因为链已不存在,所以报错:
[root@fedora ~]# nft list chain inet PubTable pubchain_input
Error: No such file or directory
list chain inet PubTable pubchain_input
^^^^^^^^^^^^^^查看表,表内已空:
[root@fedora ~]# nft list table inet PubTable
table inet PubTable {
}三,清空一个表下面的规则
清空表内的规则
[root@fedora ~]# nft flush table inet firewalld清空后查看,规则已被清空:
[root@fedora ~]# nft -a list table inet firewalld
table inet firewalld { # handle 12
ct helper helper-netbios-ns-udp { # handle 58
type "netbios-ns" protocol udp
l3proto ip
}
chain mangle_PREROUTING { # handle 1
type filter hook prerouting priority mangle + 10; policy accept;
}
chain mangle_PREROUTING_POLICIES { # handle 2
}
chain nat_PREROUTING { # handle 4
type nat hook prerouting priority dstnat + 10; policy accept;
}
chain nat_PREROUTING_POLICIES { # handle 5
}
...四,删除一个表
删除表
[root@fedora ~]# nft delete table inet firewalld再次列出表下规则时已报错,因为表已不存在:
[root@fedora ~]# nft -a list table inet firewalld
Error: No such file or directory
list table inet firewalld
^^^^^^^^^查看规则集时表已不存在:
[root@fedora ~]# nft list ruleset
[root@fedora ~]# 标签:handle,删除,chain,nft,nftables,清空,root,inet,fedora From: https://www.cnblogs.com/architectforest/p/18395193