安全: nftables:用describe得到表达式的信息
例子:
ct state
[root@fedora ~]# nft describe ct state
ct expression, datatype ct_state (conntrack state) (basetype bitmask, integer), 32 bits
pre-defined symbolic constants (in hexadecimal):
invalid 0x00000001
new 0x00000008
established 0x00000002
related 0x00000004
untracked 0x00000040icmp type:
[root@fedora ~]# nft describe icmp type
payload expression, datatype icmp_type (ICMP type) (basetype integer), 8 bits
pre-defined symbolic constants (in decimal):
echo-reply 0
destination-unreachable 3
source-quench 4
redirect 5
echo-request 8
router-advertisement 9
router-solicitation 10
time-exceeded 11
parameter-problem 12
timestamp-request 13
timestamp-reply 14
info-request 15
info-reply 16
address-mask-request 17
address-mask-reply 18icmp code:
[root@fedora ~]# nft describe icmp code
payload expression, datatype icmp_code (icmp code) (basetype integer), 8 bits
pre-defined symbolic constants (in decimal):
net-unreachable 0
host-unreachable 1
prot-unreachable 2
port-unreachable 3
net-prohibited 9
host-prohibited 10
admin-prohibited 13
frag-needed 4tcp flags
[root@fedora ~]# nft describe tcp flags
payload expression, datatype tcp_flag (TCP flag) (basetype bitmask, integer), 8 bits
pre-defined symbolic constants (in hexadecimal):
fin 0x01
syn 0x02
rst 0x04
psh 0x08
ack 0x10
urg 0x20
ecn 0x40
cwr 0x80查看单个值:
[root@fedora ~]# nft describe fin
symbol expression, datatype invalid (invalid)iifname
[root@fedora ~]# nft describe iifname
meta expression, datatype ifname (network interface name) (basetype string), 16 characters数据类型:
[root@fedora ~]# nft describe string
datatype string (string), 0 bits
[root@fedora ~]# nft describe bitmask
datatype bitmask (bitmask) (basetype integer), 0 bits地址
[root@fedora ~]# nft describe ipv4_addr
datatype ipv4_addr (IPv4 address) (basetype integer), 32 bits
[root@fedora ~]# nft describe ipv6_addr
datatype ipv6_addr (IPv6 address) (basetype integer), 128 bits
[root@fedora ~]# nft describe ll_addr
datatype ll_addr (link layer address) (basetype integer), 0 bits
