nftable questions

To: debian-user@lists.debian.org
Subject: nftable questions
From: Jesper Dybdal <jd-debian@dybdal.dk>
Date: Fri, 6 Nov 2020 11:47:50 +0100
Message-id: <[🔎] 2f12845f-6960-9127-3f62-b5b20367e438@dybdal.dk>

I'm beginning to plan the transition from iptables-nft to nativenftables. I plan to have a shell script that builds a set of "define"statements and concatenates then with the actual nft script that uses them.


Question 1:

What is the difference between "meta l4proto tcp tcp dport 22" and just"tcp dport 22". I've seen examples of both, and both seem to work.


Question 2:

Is there a way to specify conditional inclusion of rules in a fileloaded with "nft -f"?


I.e., something like:

define AllowSsh = 1   # or 0

...

if AllowSsh
   meta l4proto tcp tcp dport 22 accept
else
   meta l4proto tcp tcp dport 22 drop
endif

?

Thanks,
Jesper

--
Jesper Dybdal
https://www.dybdal.dk

Reply to:

Prev by Date: Re: Stretch => Buster: iptables
Next by Date: Re: Feasibility of speech recognition for note taking on dedicated laptop?
Previous by thread: Re: Stretch => Buster: iptables
Next by thread: Virt-install setting hostname as extra args not working
Index(es):
- Date
- Thread