Security: nftables: saving the ruleset to a file and restoring it

1. Saving the nftables rules:

View the current rules:

[root@fedora ~]# nft list ruleset
table inet firewalld {
        ct helper helper-netbios-ns-udp {
                type "netbios-ns" protocol udp
                l3proto ip
        }

        chain mangle_PREROUTING {
                type filter hook prerouting priority mangle + 10; policy accept;
                jump mangle_PREROUTING_POLICIES
        }

        chain mangle_PREROUTING_POLICIES {
                iifname "ens33" jump mangle_PRE_policy_allow-host-ipv6
                iifname "ens33" jump mangle_PRE_FedoraWorkstation
                iifname "ens33" return
                jump mangle_PRE_policy_allow-host-ipv6
                jump mangle_PRE_FedoraWorkstation
                return
        }
        ...

Save them to a file:

[root@fedora ~]# nft list ruleset > nft.conf

Flush the rules:

[root@fedora ~]# nft flush ruleset

View the rules again; the ruleset is now empty:

[root@fedora ~]# nft list ruleset

2. Restoring the saved firewall rules from the file

Load the rules from the file:

[root@fedora ~]# nft -f nft.conf

View the rules once more; the ruleset has been loaded back from the file:

[root@fedora ~]# nft list ruleset
table inet firewalld {
        ct helper helper-netbios-ns-udp {
                type "netbios-ns" protocol udp
                l3proto ip
        }

        chain mangle_PREROUTING {
                type filter hook prerouting priority mangle + 10; policy accept;
                jump mangle_PREROUTING_POLICIES
        }

        chain mangle_PREROUTING_POLICIES {
                iifname "ens33" jump mangle_PRE_policy_allow-host-ipv6
                iifname "ens33" jump mangle_PRE_FedoraWorkstation
                iifname "ens33" return
                jump mangle_PRE_policy_allow-host-ipv6
                jump mangle_PRE_FedoraWorkstation
                return
        }
        ...
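The dump written by nft list ruleset does not start with flush ruleset, so loading it with nft -f on top of a live ruleset appends every rule a second time instead of replacing them, and a typo in the file is only noticed after the load. The script below is an added example, not part of the original post: it wraps the save and restore steps above, prepends flush ruleset so the load replaces the ruleset in one transaction, and syntax-checks with nft -c before applying. The function names, the .restore suffix and the NFT_DUMP variable are assumptions of this example.

```shell
#!/bin/sh
# Save / atomic-restore helper for nftables (added example; names are assumed).
set -eu

# Dump the live ruleset to a file, exactly as in the post.
save_ruleset() {
    nft list ruleset > "$1"
}

# Build a restore file from a dump. Loading a plain dump onto a live ruleset
# merges into the existing tables and duplicates every rule; a leading
# `flush ruleset` makes `nft -f` replace the ruleset in a single transaction.
# Idempotent: a file that already starts with the directive is copied as-is.
make_restore_file() {
    src="$1"; dst="$2"
    if grep -q '^flush ruleset' "$src"; then
        cp "$src" "$dst"
    else
        { printf '#!/usr/sbin/nft -f\nflush ruleset\n'; cat "$src"; } > "$dst"
    fi
}

# Number of `flush ruleset` directives in a restore file (exactly one expected).
count_flush() {
    grep -c '^flush ruleset' "$1"
}

# Parse-check first (nft -c reads the file without committing anything), then
# load. nft -f applies the whole file as one transaction, so a syntax error
# or a rejected rule leaves the running ruleset untouched.
restore_ruleset() {
    nft -c -f "$1"
    nft -f "$1"
}

# Usage: NFT_DUMP=/root/nft.conf sh nft-restore.sh   (path is an assumption)
if [ "${NFT_DUMP:-}" != "" ]; then
    make_restore_file "$NFT_DUMP" "$NFT_DUMP.restore"
    restore_ruleset "$NFT_DUMP.restore"
fi
```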


posted @ 2024-09-04 10:23 by 刘宏缔的架构森林