Difference between revisions of "Template:nftables/config"

From wiki
(Whitespace take 2)
(sudo)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
<noinclude>
 
<noinclude>
 
<noinclude>
 
== Description ==
 
== Description ==
Line 10: Line 11:
 
"example": "Web Server",
 
"example": "Web Server",
 
"type": "string"
 
"type": "string"
 +
},
 +
"tcp_port_in": {
 +
"type": "string",
 +
"suggested": true,
 +
"label": "tcp_port_in",
 +
"description": "Comma separated list of TCP ports to open from the internet to the machine",
 +
"example": "80, 443"
 +
},
 +
"udp_port_in": {
 +
"type": "string",
 +
"suggested": true,
 +
"label": "udp_port_in",
 +
"description": "Comma separated list of UDP ports to open from the internet to the machine",
 +
"example": "4567"
 
},
 
},
 
"tcp_port_out": {
 
"tcp_port_out": {
Line 31: Line 46:
 
"description": "Comma separated list of user with unlimited internet access",
 
"description": "Comma separated list of user with unlimited internet access",
 
"example": "root"
 
"example": "root"
},
 
"tcp_port_in": {
 
"type": "string",
 
"suggested": true,
 
"label": "tcp_port_in",
 
"description": "Comma separated list of TCP ports to open from the internet to the machine",
 
"example": "80, 443"
 
},
 
"udp_port_in": {
 
"type": "string",
 
"suggested": true,
 
"label": "udp_port_in",
 
"description": "Comma separated list of UDP ports to open from the internet to the machine",
 
"example": "4567"
 
 
}
 
}
 
},
 
},
Line 58: Line 59:
 
}
 
}
 
</templatedata>
 
</templatedata>
 +
 +
== Example ==
 +
=== Code ===
 +
<syntaxhighlight lang="text">{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}</syntaxhighlight>
 +
=== Result ===
 +
{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}
  
 
</noinclude><includeonly>Assuming that you configured [[nftables|nftables as described]], you can edit file <code>/etc/nftables/main_config.conf</code> and add
 
</noinclude><includeonly>Assuming that you configured [[nftables|nftables as described]], you can edit file <code>/etc/nftables/main_config.conf</code> and add
 
{{#tag:syntaxhighlight|
 
{{#tag:syntaxhighlight|
{{If || {{{category|}}} | # {{{category}}}
+
{{If || {{{category|}}} |# {{{category}}}
}}{{If || {{{tcp_port_out|}}} | add element  inet main  tcp_port_out { {{{tcp_port_out}}} }
+
}}{{If || {{{tcp_port_in|}}} |add element  inet main  tcp_port_in { {{{tcp_port_in}}} }
}}{{If || {{{udp_port_out|}}} | add element  inet main  udp_port_out { {{{udp_port_out}}} }
+
}}{{If || {{{udp_port_in|}}} |add element  inet main  udp_port_in { {{{udp_port_in}}} }
}}{{If || {{{user_out|}}} | add element  inet main  user_out { {{{user_out}}} }
+
}}{{If || {{{tcp_port_out|}}} |add element  inet main  tcp_port_out { {{{tcp_port_out}}} }
}}{{If || {{{tcp_port_in|}}} | add element  inet main  tcp_port_in { {{{tcp_port_in}}} }
+
}}{{If || {{{udp_port_out|}}} |add element  inet main  udp_port_out { {{{udp_port_out}}} }
}}{{#if: {{{udp_port_in|}}} | add element  inet main  udp_port_in { {{{udp_port_in}}} } }}
+
}}{{#if: {{{user_out|}}} |add element  inet main  user_out { {{{user_out}}} } }}
 
|lang="sh"}}
 
|lang="sh"}}
 
and activate it using
 
and activate it using
 
<syntaxhighlight lang="console">
 
<syntaxhighlight lang="console">
# /etc/nftables/reload_main.conf
+
$ sudo /etc/nftables/reload_main.conf
 
</syntaxhighlight></includeonly>
 
</syntaxhighlight></includeonly>

Latest revision as of 10:20, 11 December 2016


Description

Configure nftables

Template parameters

ParameterDescriptionTypeStatus
Categorycategory

Label be used as category header

Example
Web Server
Stringsuggested
tcp_port_intcp_port_in

Comma separated list of TCP ports to open from the internet to the machine

Example
80, 443
Stringsuggested
udp_port_inudp_port_in

Comma separated list of UDP ports to open from the internet to the machine

Example
4567
Stringsuggested
tcp_port_outtcp_port_out

Comma separated list of TCP ports to open from the machine to the internet

Example
80, 443
Stringsuggested
udp_port_outudp_port_out

Comma separated list of UDP ports to open from the machine to the internet

Example
123
Stringsuggested
user_outuser_out

Comma separated list of user with unlimited internet access

Example
root
Stringsuggested

Example

Code

{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}

Result

Assuming that you configured nftables as described, you can edit file /etc/nftables/main_config.conf and add 

# Bind
add element  inet main  tcp_port_in { 53 }
add element  inet main  udp_port_in { 53 }

and activate it using 

$ sudo /etc/nftables/reload_main.conf


Retrieved from ‘https://wiki.meurisse.org/index.php?title=Template:nftables/config&oldid=501