|
сервис_firewall [2025/10/20 07:20] val [nftables] |
сервис_firewall [2025/10/21 11:24] (current) val [nftables] |
||
|---|---|---|---|
| Line 417: | Line 417: | ||
| root@gate:~# netfilter-persistent save | root@gate:~# netfilter-persistent save | ||
| </code> | </code> | ||
| + | ==== Debian/Ubuntu (nftables) ==== | ||
| + | <code> | ||
| + | # cat /etc/nftables.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | table inet filter { | ||
| + | chain input { | ||
| + | type filter hook input priority filter; | ||
| + | } | ||
| + | chain forward { | ||
| + | type filter hook forward priority filter; | ||
| + | iifname "eth0" oifname "eth1" counter packets 0 bytes 0 accept | ||
| + | iifname "eth1" oifname "eth0" counter packets 0 bytes 0 accept | ||
| + | iifname "eth2" counter packets 0 bytes 0 accept | ||
| + | iifname "tun*" counter packets 0 bytes 0 accept | ||
| + | ct state established,related counter packets 0 bytes 0 accept | ||
| + | counter packets 0 bytes 0 drop | ||
| + | } | ||
| + | chain output { | ||
| + | type filter hook output priority filter; | ||
| + | ct state established,related counter packets 0 bytes 0 accept | ||
| + | oifname "eth2" counter packets 0 bytes 0 drop | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| ==== FreeBSD (pf) ==== | ==== FreeBSD (pf) ==== | ||
| <code> | <code> | ||
| Line 499: | Line 523: | ||
| } | } | ||
| ... | ... | ||
| + | </code><code> | ||
| + | gate# nft list set inet filter denylist | ||
| + | |||
| + | gate# nft flush set inet filter denylist | ||
| </code> | </code> | ||
| ==== FreeBSD (pf) ==== | ==== FreeBSD (pf) ==== | ||
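Review bot: The `chain input` added in the first hunk (Line 417) contains only `type filter hook input priority filter;`, so with no `policy` and no rules nftables defaults to accept and the gateway's own services stay reachable on every interface, while only `forward` ends in an explicit `drop`. If this listing is meant as a complete gateway ruleset, give input a default-deny base, e.g. `type filter hook input priority filter; policy drop;` followed by `iif "lo" accept` and `ct state established,related accept`, and add accepts for the management services you need before loading it so the admin session is not cut off. The `counter packets 0 bytes 0` text is what a ruleset dump prints; in a hand-maintained `/etc/nftables.conf` a bare `counter` is enough. The part of the file above `table inet filter` is elided with `...`, so whether it begins with `flush ruleset` cannot be checked from this hunk.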