Using nftables for dynamic rules

Create ruleset

File nftables.conf

    table inet mytable {
        set block_network {
            type ipv4_addr
            timeout 1h
            flags interval
        }
        set block_network6 {
            type ipv6_addr
            timeout 1h
            flags interval
        }
        chain input {
            type filter hook input priority 0;
            ip saddr @block_network drop
            ip6 saddr @block_network6 drop
        }
    }

Load ruleset

    nft -f nftables.conf

List ruleset

    nft list ruleset

Add element

    # quote the braces so the shell does not interpret them
    nft add element inet mytable block_network '{ 192.0.2.0/24 }'
    nft add element inet mytable block_network6 '{ 2001:db8::/32 }'

Delete element

    nft delete element inet mytable block_network '{ 192.0.2.0/24 }'
    nft delete element inet mytable block_network6 '{ 2001:db8::/32 }'

Flush set

    nft flush set inet mytable block_network
    nft flush set inet mytable block_network6

Backup

    nft list ruleset > nftables.conf

Restore

    nft -f nftables.conf

Delete

Table

    nft delete table inet mytable

Set

    nft delete set inet mytable block_network
    nft delete set inet mytable block_network6

Rule

    # rules are deleted by handle; list the chain with -a to see the handles
    nft -a list chain inet mytable input
    nft delete rule inet mytable input handle <handle>
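An added example (not from the original post): a shell helper that splits a mixed IPv4/IPv6 blocklist across the two sets and emits a single nft batch, so every entry loads in one transaction. The function names and the sample blocklist are constructed for illustration; the table and set names are the ones in the nftables.conf ruleset above.

```shell
#!/bin/sh
# Added example: build one nft batch from a mixed IPv4/IPv6 blocklist.
# mytable, block_network and block_network6 come from nftables.conf above.

# Print 4 or 6 for a plausible address/CIDR, return 1 otherwise.
# Syntactic pre-filter only; nft still does the authoritative parse.
classify_net() {
    net=$1; addr=${net%%/*}
    case $addr in
        ''|*[!0-9a-fA-F:.]*) return 1 ;;   # empty or non-address characters
        *:*)                 fam=6 max=128 ;;
        *[!0-9.]*)           return 1 ;;   # hex letters without a colon
        *.*.*.*)             fam=4 max=32 ;;
        *)                   return 1 ;;
    esac
    if [ "$net" != "$addr" ]; then         # a prefix length was given
        len=${net#*/}
        case $len in ''|*[!0-9]*) return 1 ;; esac
        [ "${#len}" -le 3 ] && [ "$len" -le "$max" ] || return 1
    fi
    echo "$fam"
}

# Read one network per line on stdin ('#' starts a comment), write the batch.
build_batch() {
    v4=""; v6=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if fam=$(classify_net "$line"); then
            case $fam in
                4) v4="${v4:+$v4, }$line" ;;
                6) v6="${v6:+$v6, }$line" ;;
            esac
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
    [ -z "$v4" ] || echo "add element inet mytable block_network { $v4 }"
    [ -z "$v6" ] || echo "add element inet mytable block_network6 { $v6 }"
}

sample_blocklist() {   # constructed sample input
    printf '%s\n' '# scanners seen today' '192.0.2.0/24' \
        '198.51.100.7   # single host' '2001:db8::/32' \
        '203.0.113.0/33' 'not-an-address'
}

# Prints the batch; to apply it atomically, pipe it into: nft -f -
sample_blocklist | build_batch
```

Invalid entries are reported on stderr and left out of the batch, because a single bad element would make nft reject the whole file.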

October 9, 2025 · 1 min · 163 words · शंतनू

Using ipset for dynamic rules

Create set

IPv4

    # without a timeout
    ipset create block_network hash:net family inet
    # or with a default timeout of 3600 seconds
    ipset create block_network hash:net timeout 3600 family inet

IPv6

    # without a timeout
    ipset create block_network6 hash:net family inet6
    # or with a default timeout of 3600 seconds
    ipset create block_network6 hash:net timeout 3600 family inet6

Create firewall rules

IPv4

    iptables -I INPUT -m set --match-set block_network src -j DROP

IPv6

    ip6tables -I INPUT -m set --match-set block_network6 src -j DROP

Block network

IPv4

    ipset add block_network 192.0.2.0/24

IPv6

    ipset add block_network6 2001:db8::/32

Unblock network

IPv4

    ipset del block_network 192.0.2.0/24

IPv6

    ipset del block_network6 2001:db8::/32

Flush set

IPv4

    ipset flush block_network

IPv6

    ipset flush block_network6

Delete set

    ipset destroy block_network
    ipset destroy block_network6

Backup

    ipset save block_network > block_network.ipset
    ipset save block_network6 > block_network6.ipset

Restore

    ipset restore < block_network.ipset
    ipset restore < block_network6.ipset

Delete firewall rules

    iptables -D INPUT -m set --match-set block_network src -j DROP
    ip6tables -D INPUT -m set --match-set block_network6 src -j DROP

June 25, 2025 · 1 min · 141 words · शंतनू