Tree - source-git/nftables - CentOS Git server

source-git / nftables

Blame files/examples/ct_helpers.nft

Blob History Raw

Packit	c5a612	`#!/usr/sbin/nft -f`
Packit	c5a612
Packit	c5a612	`# This example file shows how to use ct helpers in the nftables framework.`
Packit	c5a612	`# Note that nftables includes interesting improvements compared to how this`
Packit	c5a612	`# was done with iptables, such as loading multiple helpers with a single rule`
Packit	c5a612	# This script is meant to be loaded with `nft -f <file>`
Packit	c5a612	`# You require linux kernel >= 4.12 and nft >= 0.8`
Packit	c5a612	`# For up-to-date information please visit https://wiki.nftables.org`
Packit	c5a612
Packit	c5a612	`# Using ct helpers is an important security feature when doing stateful`
Packit	c5a612	`# firewalling, since it mitigate certain networking attacks.`
Packit	c5a612	`# More info at: https://home.regit.org/netfilter-en/secure-use-of-helpers/`
Packit	c5a612
Packit	c5a612
Packit	c5a612	`flush ruleset`
Packit	c5a612	`table inet filter {`
Packit	c5a612	`# declare helpers of this table`
Packit	c5a612	`ct helper ftp-standard {`
Packit	c5a612	`type "ftp" protocol tcp;`
Packit	c5a612	`l3proto inet`
Packit	c5a612	`}`
Packit	c5a612	`ct helper sip-5060 {`
Packit	c5a612	`type "sip" protocol udp;`
Packit	c5a612	`l3proto inet`
Packit	c5a612	`}`
Packit	c5a612	`ct helper tftp-69 {`
Packit	c5a612	`type "tftp" protocol udp`
Packit	c5a612	`l3proto inet`
Packit	c5a612	`}`
Packit	c5a612
Packit	c5a612	`chain input {`
Packit	c5a612	`type filter hook input priority 0; policy drop;`
Packit	c5a612	`ct state established,related accept`
Packit	c5a612
Packit	c5a612	`# assign a single helper in a single rule`
Packit	c5a612	`tcp dport 21 ct helper set "ftp-standard"`
Packit	c5a612
Packit	c5a612	`# assign multiple helpers in a single rule`
Packit	c5a612	`ct helper set udp dport map {`
Packit	c5a612	`69 : "tftp-69", \`
Packit	c5a612	`5060 : "sip-5060" }`
Packit	c5a612	`}`
Packit	c5a612	`}`

source-git / nftables

Source Code

Blame files/examples/ct_helpers.nft