一,查看规则
查看所有规则
[root@192 ~]# nft list ruleset
table inet my_table {chain my_chain {type filter hook input priority filter; policy accept;tcp dport 22 accepttcp dport 80 accepttcp dport 3306 accepttcp dport 123 accept}
}查看指定表内的规则
[root@192 ~]# nft list table inet my_table
table inet my_table {chain my_chain {type filter hook input priority filter; policy accept;tcp dport 22 accepttcp dport 80 accepttcp dport 3306 accepttcp dport 123 accept}
}查看指定链内的规则
[root@192 ~]# nft list chain inet my_table my_chain
table inet my_table {chain my_chain {type filter hook input priority filter; policy accept;tcp dport 22 accepttcp dport 80 accepttcp dport 3306 accepttcp dport 123 accept}
}二,删除规则
1,查看得到规则的句柄:
[root@192 ~]# nft --handle list chain inet my_table my_chain
table inet my_table {chain my_chain { # handle 9type filter hook input priority filter; policy accept;tcp dport 22 accept # handle 10tcp dport 80 accept # handle 11tcp dport 3306 accept # handle 12tcp dport 123 accept # handle 13}
}-a参数也可以看到规则的句柄
[root@192 ~]# nft -a list chain inet my_table my_chain
table inet my_table {chain my_chain { # handle 9type filter hook input priority filter; policy accept;tcp dport 22 accept # handle 10tcp dport 80 accept # handle 11tcp dport 3306 accept # handle 12tcp dport 123 accept # handle 13}
}删除 :
[root@192 ~]# nft delete rule inet my_table my_chain handle 11查看效果:
[root@192 ~]# nft -a list chain inet my_table my_chain
table inet my_table {chain my_chain { # handle 9type filter hook input priority filter; policy accept;tcp dport 22 accept # handle 10tcp dport 3306 accept # handle 12tcp dport 123 accept # handle 13}
}
