Using nftables for dynamic rules

Create ruleset

File nftables.conf (one inet table holds both the IPv4 and the IPv6 set; elements expire after the 1h default timeout unless refreshed):

    table inet mytable {
        set block_network {
            type ipv4_addr
            timeout 1h
            flags interval
        }
        set block_network6 {
            type ipv6_addr
            timeout 1h
            flags interval
        }
        chain input {
            type filter hook input priority 0;
            ip saddr @block_network drop
            ip6 saddr @block_network6 drop
        }
    }

Load ruleset

    nft -f nftables.conf

List ruleset

    nft list ruleset

Add element (the sets live in table inet mytable, so that is the family and table to address)

    nft add element inet mytable block_network { 192.0.2.0/24 }
    nft add element inet mytable block_network6 { 2001:db8::/32 }

Delete element

    nft delete element inet mytable block_network { 192.0.2.0/24 }
    nft delete element inet mytable block_network6 { 2001:db8::/32 }

Flush set

    nft flush set inet mytable block_network
    nft flush set inet mytable block_network6

Backup

    nft list ruleset > nftables.conf

Restore (nft has no restore subcommand; load the saved file with -f. The saved file does not flush first, so loading it over a live ruleset appends the rules a second time)

    nft -f nftables.conf

Delete

Table:

    nft delete table inet mytable

Set:

    nft delete set inet mytable block_network
    nft delete set inet mytable block_network6

Rule (nft deletes rules by handle, not by repeating the rule text; read the handles with "nft -a list ruleset" and substitute them for the placeholders):

    nft delete rule inet mytable input handle <handle-of-ip-saddr-rule>
    nft delete rule inet mytable input handle <handle-of-ip6-saddr-rule>

October 9, 2025 · 1 min · 161 words · शंतनू

Using ipset for dynamic rules

Create set

IPv4 (either without a timeout, or with a default entry timeout of 3600 seconds):

    ipset create block_network hash:net family inet
    ipset create block_network hash:net timeout 3600 family inet

IPv6 (same two variants):

    ipset create block_network6 hash:net family inet6
    ipset create block_network6 hash:net timeout 3600 family inet6

Create firewall rules

IPv4:

    iptables -I INPUT -m set --match-set block_network src -j DROP

IPv6:

    ip6tables -I INPUT -m set --match-set block_network6 src -j DROP

Block network

IPv4:

    ipset add block_network 192.0.2.0/24

IPv6:

    ipset add block_network6 2001:db8::/32

Unblock network

IPv4:

    ipset del block_network 192.0.2.0/24

IPv6:

    ipset del block_network6 2001:db8::/32

Flush set

IPv4:

    ipset flush block_network

IPv6:

    ipset flush block_network6

Delete set

    ipset destroy block_network
    ipset destroy block_network6

Backup

    ipset save block_network > block_network.ipset
    ipset save block_network6 > block_network6.ipset

Restore

    ipset restore < block_network.ipset
    ipset restore < block_network6.ipset

Delete firewall rules

    iptables -D INPUT -m set --match-set block_network src -j DROP
    ip6tables -D INPUT -m set --match-set block_network6 src -j DROP

June 25, 2025 · 1 min · 141 words · शंतनू
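Both posts feed the block sets by hand, one element at a time. The following added example (not code from either post) shows the validation step a script driving those sets needs: it assumes the posts' names (table inet mytable with sets block_network and block_network6, ipset sets of the same names), sorts a constructed list of candidates into the IPv4 and IPv6 set, rejects malformed input, collapses overlapping prefixes (an interval set refuses an element that overlaps an existing one) and returns the nft and ipset commands as strings so it can run without root.

```python
"""Build the nft and ipset commands that feed the block sets from both posts.
Added example, not code from the posts: it assumes their names (table inet
mytable, sets block_network/block_network6) and only returns command strings."""
import ipaddress

# Constructed sample input, e.g. offenders collected from logs. It contains a
# malformed entry and a host that overlaps an already listed prefix.
CANDIDATES = ["192.0.2.0/24", "2001:db8::/32", "198.51.100.7",
              "not-an-address", "192.0.2.10"]


def split_by_family(entries):
    """Validate entries and return (v4_nets, v6_nets, rejected).

    Overlapping or adjacent prefixes are collapsed: an interval set refuses
    an element that overlaps one already present, so 192.0.2.10 must not be
    added alongside 192.0.2.0/24.
    """
    v4, v6, rejected = [], [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected.append(raw)  # never hand unvalidated text to a shell
            continue
        (v4 if net.version == 4 else v6).append(net)
    return (list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)), rejected)


def nft_commands(entries, table="inet mytable", timeout=None):
    """One 'nft add element' per family; a timeout such as '30m' overrides
    the set's default for these elements only."""
    v4, v6, _ = split_by_family(entries)
    suffix = f" timeout {timeout}" if timeout else ""
    cmds = []
    for set_name, nets in (("block_network", v4), ("block_network6", v6)):
        if nets:
            elems = ", ".join(f"{n.with_prefixlen}{suffix}" for n in nets)
            cmds.append(f"nft add element {table} {set_name} {{ {elems} }}")
    return cmds


def ipset_commands(entries):
    """ipset takes one entry per call; -exist makes re-adding idempotent."""
    v4, v6, _ = split_by_family(entries)
    return ([f"ipset -exist add block_network {n.with_prefixlen}" for n in v4]
            + [f"ipset -exist add block_network6 {n.with_prefixlen}" for n in v6])
```

Run the returned strings only after reviewing them; the rejected list is what should reach a log, not the firewall.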