From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Mario V Guenzi <jclark@tiscali.it>
Cc: Netfilter list <netfilter@vger.kernel.org>
Subject: Re: Grammar in a bash script
Date: Tue, 18 Aug 2020 12:11:25 +0200
Message-ID: <20200818101125.GA10691@salvia>
In-Reply-To: <3e973ae0-55aa-eabb-adb2-9af5f2bea500@tiscali.it>

On Tue, Aug 18, 2020 at 07:12:38AM +0200, Mario V Guenzi wrote:
> On 17/08/20 10:56, Pablo Neira Ayuso wrote:
> > Hi,
>
> > You can set default policy to drop when defining the chain (in the
> > same go), no need to call it twice, my suggestion for your ruleset is
> > to place this in ruleset.nft:
> >
> > add table inet firewall
> > add table inet nat
> > add table netdev noddos
> >
> > add chain inet firewall INPUT { type filter hook input priority 0; policy drop; }
> > add chain inet firewall OUTPUT { type filter hook output priority 0; policy drop; }
> > add chain inet firewall FORWARD { type filter hook forward priority 0; policy drop; }
> > ...
> >
> > my rules
> > my rules
> > my rules
> >
>
> First of all, many thanks.
> Another question, given your kindness:
> Can I use bash only to define my variables, e.g.
> EXTIF = "eth0"
> LAN = "192.168.2.0/24"
> etc
> use the variables defined in writing the rules.nft file as per your
> example and then write
> nft -f /path/rules.nft in my bash script?

You can define variables in nftables, e.g.

  define EXTIF = "eth0"
  add rule inet firewall INPUT iifname $EXTIF accept
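
A complete rules.nft combining the two suggestions in this thread (default-drop policy set in the chain definition, variables defined in nftables instead of bash), as an added example that is not part of the original message. EXTIF and LAN come from the question; the accepted ports and traffic directions are assumptions chosen for illustration.

```nft
# rules.nft: constructed example, not from the thread.
# Variables live in the ruleset itself, so no bash substitution is needed.
define EXTIF = "eth0"
define LAN = 192.168.2.0/24

# Create the table if missing, then empty it, so that reloading this file
# replaces the rules instead of appending duplicates.
add table inet firewall
flush table inet firewall

# The default policy is part of the chain definition (one step, not two).
add chain inet firewall INPUT { type filter hook input priority 0; policy drop; }
add chain inet firewall OUTPUT { type filter hook output priority 0; policy drop; }
add chain inet firewall FORWARD { type filter hook forward priority 0; policy drop; }

# With policy drop, loopback and return traffic must be accepted explicitly.
add rule inet firewall INPUT iifname "lo" accept
add rule inet firewall INPUT ct state established,related accept
add rule inet firewall INPUT ct state invalid drop

# Assumption: SSH is reachable from the LAN only, never via $EXTIF.
add rule inet firewall INPUT iifname != $EXTIF ip saddr $LAN tcp dport 22 accept

# OUTPUT is also policy drop, so outbound traffic needs its own rules.
add rule inet firewall OUTPUT oifname "lo" accept
add rule inet firewall OUTPUT ct state established,related accept
# Assumption: the host itself needs DNS and HTTP(S) through $EXTIF.
add rule inet firewall OUTPUT oifname $EXTIF udp dport 53 accept
add rule inet firewall OUTPUT oifname $EXTIF tcp dport { 53, 80, 443 } accept
# Assumption: replies and new connections toward LAN hosts are allowed.
add rule inet firewall OUTPUT ip daddr $LAN accept

# FORWARD stays at policy drop with no rules: this host does not route.
```

The bash script then only needs `nft -f /path/rules.nft`; running `nft -c -f /path/rules.nft` first parses and checks the file without applying it. The file is applied as a single transaction, so a syntax error leaves the running ruleset unchanged.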