сервис_firewall [2025/10/20 07:20] val [nftables] |
сервис_firewall [2025/10/20 09:17] (current) val [Debian/Ubuntu (iptables)] |
||
---|---|---|---|
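--- a/сервис_firewall
+++ b/сервис_firewall
@@ -417,4 +417,29 @@
 root@gate:~# netfilter-persistent save
 </code>
+==== Debian/Ubuntu (nftables) ====
+<code>
+# cat /etc/nftables.conf
+</code><code>
+...
+table inet filter {
+chain input {
+type filter hook input priority filter;
+}
+chain forward {
+type filter hook forward priority filter;
+iifname "eth0" oifname "eth1" counter packets 0 bytes 0 accept
+iifname "eth1" oifname "eth0" counter packets 0 bytes 0 accept
+iifname "eth2" counter packets 0 bytes 0 accept
+iifname "tun*" counter packets 0 bytes 0 accept
+ct state established,related counter packets 0 bytes 0 accept
+counter packets 0 bytes 0 drop
+}
+chain output {
+type filter hook output priority filter;
+ct state established,related counter packets 0 bytes 0 accept
+oifname "eth2" counter packets 0 bytes 0 drop
+}
+}
+</code>
 ==== FreeBSD (pf) ====
 <code>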
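Review bot: `chain input` contains only its hook line, with no `policy` and no rules, and an nftables base chain without a policy accepts by default, so as written the gateway's own services are reachable from every interface, including eth2 and tun*. If that is deliberate for this setup, a one-line comment in the listing saying so would help; otherwise the usual shape is `type filter hook input priority filter; policy drop;` followed by `iif "lo" accept` and `ct state established,related accept`, plus the specific services the gate has to offer. In `chain forward`, the `iifname "eth2"` and `iifname "tun*"` rules accept new connections towards any output interface, which is broader than the eth0/eth1 pair rules above them; adding an `oifname` match would make the intended direction explicit. The `packets 0 bytes 0` after each `counter` looks carried over from `nft list ruleset` output and can be reduced to plain `counter` in a config file.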