On 17/08/20 10:56, Pablo Neira Ayuso wrote:
> Hi,
>
> You can set default policy to drop when defining the chain (in the
> same go), no need to call it twice, my suggestion for your ruleset is
> to place this in ruleset.nft:
>
> add table inet firewall
> add table inet nat
> add table netdev noddos
>
> add chain inet firewall INPUT { type filter hook input priority 0; policy drop; }
> add chain inet firewall OUTPUT { type filter hook output priority 0; policy drop; }
> add chain inet firewall FORWARD { type filter hook forward priority 0; policy drop; }
> ...
>
> my rules
> my rules
> my rules
>

At first, many thanks. Another question, given your kindness: can I use bash only to define my variables, e.g. EXTIF="eth0", LAN="192.168.2.0/24", etc., use the variables so defined when writing the rules.nft file as per your example, and then write nft -f /path/rules.nft in my bash script?

As usual, I apologize for my terrible English.
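The approach the reply asks about, as an added example that is not part of the thread: shell variables are expanded into a generated ruleset file, which is syntax-checked and then loaded with nft -f. The interface name, LAN prefix, output path and the few sample rules are constructed placeholders, not the original poster's ruleset.

```shell
#!/bin/sh
# Added example: render an nftables ruleset from shell variables, then load it.
# EXTIF, LAN and RULESET are constructed placeholders; adjust for the host.

EXTIF="eth0"                          # external interface (constructed)
LAN="192.168.2.0/24"                  # trusted LAN prefix (constructed)
RULESET="${RULESET:-/tmp/ruleset.nft}"

# Write the ruleset. The heredoc delimiter is unquoted, so the shell expands
# $EXTIF and $LAN here; the resulting file contains plain nft syntax only.
render_ruleset() {
    cat > "$RULESET" <<EOF
flush ruleset

add table inet firewall
add table inet nat

add chain inet firewall INPUT   { type filter hook input   priority 0; policy drop; }
add chain inet firewall OUTPUT  { type filter hook output  priority 0; policy drop; }
add chain inet firewall FORWARD { type filter hook forward priority 0; policy drop; }

add rule inet firewall INPUT iif lo accept
add rule inet firewall INPUT ct state established,related accept
add rule inet firewall INPUT iifname "$EXTIF" ct state invalid drop
add rule inet firewall INPUT ip saddr $LAN tcp dport 22 accept
add rule inet firewall OUTPUT ct state established,related accept
add rule inet firewall OUTPUT oifname "$EXTIF" accept
EOF
}

# Check the file with nft -c before applying it: a syntax error is reported
# without touching the live ruleset, so a typo cannot leave the box open.
load_ruleset() {
    nft -c -f "$RULESET" && nft -f "$RULESET"
}

render_ruleset
# load_ruleset   # run as root on a host with nft installed
```

nft also has its own `define EXTIF = eth0` syntax for use inside the .nft file, which avoids the shell layer entirely if the script does nothing else.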