Template:nftables/config: Difference between revisions

Latest revision as of 10:20, 11 December 2016

Configure nftables

Template parameters[Edit template data]
Parameter		Description	Type	Status
Category	`category`	Label be used as category header Example Web Server	String	suggested
tcp_port_in	`tcp_port_in`	Comma separated list of TCP ports to open from the internet to the machine Example 80, 443	String	suggested
udp_port_in	`udp_port_in`	Comma separated list of UDP ports to open from the internet to the machine Example 4567	String	suggested
tcp_port_out	`tcp_port_out`	Comma separated list of TCP ports to open from the machine to the internet Example 80, 443	String	suggested
udp_port_out	`udp_port_out`	Comma separated list of UDP ports to open from the machine to the internet Example 123	String	suggested
user_out	`user_out`	Comma separated list of user with unlimited internet access Example root	String	suggested

{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}

Assuming that you configured nftables as described, you can edit file /etc/nftables/main_config.conf and add

# Bind
add element  inet main  tcp_port_in { 53 }
add element  inet main  udp_port_in { 53 }

and activate it using

$ sudo /etc/nftables/reload_main.conf

@@ Line 59: / Line 59: @@
 }
 </templatedata>
+== Example ==
+=== Code ===
+<syntaxhighlight lang="text">{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}</syntaxhighlight>
+=== Result ===
+{{nftables/config|category=Bind|tcp_port_in=53|udp_port_in=53|tcp_port_out=|udp_port_out=|user_out=}}
 </noinclude><includeonly>Assuming that you configured [[nftables|nftables as described]], you can edit file <code>/etc/nftables/main_config.conf</code> and add
@@ Line 71: / Line 77: @@
 and activate it using
 <syntaxhighlight lang="console">
-# /etc/nftables/reload_main.conf
+$ sudo /etc/nftables/reload_main.conf
 </syntaxhighlight></includeonly>