Template:nftables/config: Difference between revisions
From wiki
Whitespace take 2 |
sudo |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
<noinclude> | |||
<noinclude> | <noinclude> | ||
== Description == | == Description == | ||
| Line 10: | Line 11: | ||
"example": "Web Server", | "example": "Web Server", | ||
"type": "string" | "type": "string" | ||
}, | |||
"tcp_port_in": { | |||
"type": "string", | |||
"suggested": true, | |||
"label": "tcp_port_in", | |||
"description": "Comma separated list of TCP ports to open from the internet to the machine", | |||
"example": "80, 443" | |||
}, | |||
"udp_port_in": { | |||
"type": "string", | |||
"suggested": true, | |||
"label": "udp_port_in", | |||
"description": "Comma separated list of UDP ports to open from the internet to the machine", | |||
"example": "4567" | |||
}, | }, | ||
"tcp_port_out": { | "tcp_port_out": { | ||
| Line 31: | Line 46: | ||
"description": "Comma separated list of user with unlimited internet access", | "description": "Comma separated list of user with unlimited internet access", | ||
"example": "root" | "example": "root" | ||
} | } | ||
}, | }, | ||
| Line 58: | Line 59: | ||
} | } | ||
</templatedata> | </templatedata> | ||
== Example == | |||
=== Code === | |||
<syntaxhighlight lang="text">{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}</syntaxhighlight> | |||
=== Result === | |||
{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}} | |||
</noinclude><includeonly>Assuming that you configured [[nftables|nftables as described]], you can edit file <code>/etc/nftables/main_config.conf</code> and add | </noinclude><includeonly>Assuming that you configured [[nftables|nftables as described]], you can edit file <code>/etc/nftables/main_config.conf</code> and add | ||
{{#tag:syntaxhighlight| | {{#tag:syntaxhighlight| | ||
{{If || {{{category|}}} | # {{{category}}} | {{If || {{{category|}}} |# {{{category}}} | ||
}}{{If || {{{ | }}{{If || {{{tcp_port_in|}}} |add element inet main tcp_port_in { {{{tcp_port_in}}} } | ||
}}{{If || {{{ | }}{{If || {{{udp_port_in|}}} |add element inet main udp_port_in { {{{udp_port_in}}} } | ||
}}{{If || {{{ | }}{{If || {{{tcp_port_out|}}} |add element inet main tcp_port_out { {{{tcp_port_out}}} } | ||
}}{{If || {{{ | }}{{If || {{{udp_port_out|}}} |add element inet main udp_port_out { {{{udp_port_out}}} } | ||
}}{{#if: {{{ | }}{{#if: {{{user_out|}}} |add element inet main user_out { {{{user_out}}} } }} | ||
|lang="sh"}} | |lang="sh"}} | ||
and activate it using | and activate it using | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
$ sudo /etc/nftables/reload_main.conf | |||
</syntaxhighlight></includeonly> | </syntaxhighlight></includeonly> | ||
Latest revision as of 10:20, 11 December 2016
Description
Configure nftables
| Parameter | Description | Type | Status | |
|---|---|---|---|---|
| Category | category | Label be used as category header
| String | suggested |
| tcp_port_in | tcp_port_in | Comma separated list of TCP ports to open from the internet to the machine
| String | suggested |
| udp_port_in | udp_port_in | Comma separated list of UDP ports to open from the internet to the machine
| String | suggested |
| tcp_port_out | tcp_port_out | Comma separated list of TCP ports to open from the machine to the internet
| String | suggested |
| udp_port_out | udp_port_out | Comma separated list of UDP ports to open from the machine to the internet
| String | suggested |
| user_out | user_out | Comma separated list of user with unlimited internet access
| String | suggested |
Example
Code
{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}
Result
Assuming that you configured nftables as described, you can edit file /etc/nftables/main_config.conf and add
# Bind
add element inet main tcp_port_in { 53 }
add element inet main udp_port_in { 53 }
and activate it using
$ sudo /etc/nftables/reload_main.conf
