一,保存nftables规则:
查看规则:
[root@fedora ~]# nft list ruleset
table inet firewalld {
ct helper helper-netbios-ns-udp {
type "netbios-ns" protocol udp
l3proto ip
}
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy accept;
jump mangle_PREROUTING_POLICIES
}
chain mangle_PREROUTING_POLICIES {
iifname "ens33" jump mangle_PRE_policy_allow-host-ipv6
iifname "ens33" jump mangle_PRE_FedoraWorkstation
iifname "ens33" return
jump mangle_PRE_policy_allow-host-ipv6
jump mangle_PRE_FedoraWorkstation
return
}
...保存到文件:
[root@fedora ~]# nft list ruleset > nft.conf清空规则
[root@fedora ~]# nft flush ruleset查看规则,规则已空
[root@fedora ~]# nft list ruleset二,从文件中恢复保存的防火墙规则
从文件加载
[root@fedora ~]# nft -f nft.conf再次查看规则,规则已从文件中加载恢复:
[root@fedora ~]# nft list ruleset
table inet firewalld {
ct helper helper-netbios-ns-udp {
type "netbios-ns" protocol udp
l3proto ip
}
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy accept;
jump mangle_PREROUTING_POLICIES
}
chain mangle_PREROUTING_POLICIES {
iifname "ens33" jump mangle_PRE_policy_allow-host-ipv6
iifname "ens33" jump mangle_PRE_FedoraWorkstation
iifname "ens33" return
jump mangle_PRE_policy_allow-host-ipv6
jump mangle_PRE_FedoraWorkstation
return
}
...标签:PRE,文件,fedora,保存,jump,nftables,mangle,nft,ens33 From: https://www.cnblogs.com/architectforest/p/18395285