Version 2 - Historique - Nftables - tetaneutral.net

Nftables » Historique » Version 2

Laurent GUERBY, 28/03/2014 19:33

-Laurent GUERBY
+{{>toc}}
 Laurent GUERBY
-Laurent GUERBY
+h1. Nftables
 Laurent GUERBY
-Laurent GUERBY
+h2. Liens
 Laurent GUERBY
-Laurent GUERBY
+* https://wiki.archlinux.org/index.php/Nftables
-Laurent GUERBY
+* https://home.regit.org/netfilter-en/nftables-quick-howto/
-Laurent GUERBY
+* http://wiki.nftables.org/
 Laurent GUERBY
-Laurent GUERBY
+h2. Examples
 Laurent GUERBY
-Laurent GUERBY
+<pre>
-Laurent GUERBY
+root@h7:~# nft --version
-Laurent GUERBY
+nftables v0.100 (keith-alexander-filter)
-Laurent GUERBY
+root@h7:~# cat /proc/version
-Laurent GUERBY
+Linux version 3.14-rc7-amd64 (debian-kernel@lists.debian.org) (gcc version 4.8.2 (Debian 4.8.2-16) ) #1 SMP Debian 3.14~rc7-1~exp1 (2014-03-17)
-Laurent GUERBY
+</pre>
 Laurent GUERBY
-Laurent GUERBY
+<pre>
-Laurent GUERBY
+root@h7:~# nft add rule filter output udp dport 0-65535 ip daddr 91.224.149.151 counter
-Laurent GUERBY
+root@h7:~# nft list chain filter output -a -n
-Laurent GUERBY
+table ip filter {
-Laurent GUERBY
+	chain output {
-Laurent GUERBY
+		 type filter hook output priority 0;
-Laurent GUERBY
+		 ip protocol udp udp dport >= 0 udp dport <= 65535 counter packets 171479 bytes 256167178 # handle 13
-Laurent GUERBY
+		 ip protocol udp udp dport >= 0 udp dport <= 65535 ip daddr 91.224.149.151 counter packets 0 bytes 0 # handle 15
 Laurent GUERBY
 Laurent GUERBY
-Laurent GUERBY
+root@h7:~# iperf -c 91.224.149.151 -u -b 100M
-Laurent GUERBY
+------------------------------------------------------------
-Laurent GUERBY
+Client connecting to 91.224.149.151, UDP port 5001
-Laurent GUERBY
+Sending 1470 byte datagrams
-Laurent GUERBY
+UDP buffer size:  208 KByte (default)
-Laurent GUERBY
+------------------------------------------------------------
-Laurent GUERBY
+[  3] local 91.224.149.2 port 41909 connected with 91.224.149.151 port 5001
-Laurent GUERBY
+[ ID] Interval       Transfer     Bandwidth
-Laurent GUERBY
+[  3]  0.0-10.0 sec   120 MBytes   100 Mbits/sec
-Laurent GUERBY
+[  3] Sent 85471 datagrams
-Laurent GUERBY
+read failed: Connection refused
-Laurent GUERBY
+[  3] WARNING: did not receive ack of last datagram after 1 tries.
-Laurent GUERBY
+root@h7:~# nft list chain filter output -a -n
-Laurent GUERBY
+table ip filter {
-Laurent GUERBY
+	chain output {
-Laurent GUERBY
+		 type filter hook output priority 0;
-Laurent GUERBY
+		 ip protocol udp udp dport >= 0 udp dport <= 65535 counter packets 256951 bytes 384184664 # handle 13
-Laurent GUERBY
+		 ip protocol udp udp dport >= 0 udp dport <= 65535 ip daddr 91.224.149.151 counter packets 85457 bytes 128014586 # handle 15
 Laurent GUERBY
 Laurent GUERBY
-Laurent GUERBY
+root@h7:~# nft delete rule filter output handle 15
-Laurent GUERBY
+root@h7:~# nft list chain filter output -a -n
-Laurent GUERBY
+table ip filter {
-Laurent GUERBY
+	chain output {
-Laurent GUERBY
+		 type filter hook output priority 0;
-Laurent GUERBY
+		 ip protocol udp udp dport >= 0 udp dport <= 65535 counter packets 256982 bytes 384190532 # handle 13
 Laurent GUERBY
 Laurent GUERBY
-Laurent GUERBY
+</pre>
 Laurent GUERBY
-Laurent GUERBY
+<pre>
-Laurent GUERBY
+nft add rule filter output udp dport 0-65535 counter
-Laurent GUERBY
+nft add rule filter input ip daddr 91.224.149.2 counter
-Laurent GUERBY
+</pre>

Projet

Général

Profil

Nftables » Historique » Version 2