安全: nftables基础知识系列之二:查看规则/删除规则
一,查看规则
查看所有规则
[root@192 ~]# nft list ruleset
table inet my_table {
chain my_chain {
type filter hook input priority filter; policy accept;
tcp dport 22 accept
tcp dport 80 accept
tcp dport 3306 accept
tcp dport 123 accept
}
}查看指定表内的规则
[root@192 ~]# nft list table inet my_table
table inet my_table {
chain my_chain {
type filter hook input priority filter; policy accept;
tcp dport 22 accept
tcp dport 80 accept
tcp dport 3306 accept
tcp dport 123 accept
}
}查看指定链内的规则
[root@192 ~]# nft list chain inet my_table my_chain
table inet my_table {
chain my_chain {
type filter hook input priority filter; policy accept;
tcp dport 22 accept
tcp dport 80 accept
tcp dport 3306 accept
tcp dport 123 accept
}
}二,删除规则
1,查看得到规则的句柄:
[root@192 ~]# nft --handle list chain inet my_table my_chain
table inet my_table {
chain my_chain { # handle 9
type filter hook input priority filter; policy accept;
tcp dport 22 accept # handle 10
tcp dport 80 accept # handle 11
tcp dport 3306 accept # handle 12
tcp dport 123 accept # handle 13
}
}-a参数也可以看到规则的句柄
[root@192 ~]# nft -a list chain inet my_table my_chain
table inet my_table {
chain my_chain { # handle 9
type filter hook input priority filter; policy accept;
tcp dport 22 accept # handle 10
tcp dport 80 accept # handle 11
tcp dport 3306 accept # handle 12
tcp dport 123 accept # handle 13
}
}删除 :
[root@192 ~]# nft delete rule inet my_table my_chain handle 11查看效果:
[root@192 ~]# nft -a list chain inet my_table my_chain
table inet my_table {
chain my_chain { # handle 9
type filter hook input priority filter; policy accept;
tcp dport 22 accept # handle 10
tcp dport 3306 accept # handle 12
tcp dport 123 accept # handle 13
}
}2,清除所有规则:
[root@192 ~]# nft flush ruleset查看效果:
[root@192 ~]# nft list ruleset
