Building rules through expressions: Difference between revisions

From nftables wiki
Jump to navigation Jump to search
(Created page with "''nftables'' provides the following built-in operations: * '''ne''' which stands for non equal. Alternatively you can use '''!='''. * '''lt''' means ''less than''. Alternativ...")
 
(Inserted missing "equal" rule; changed "non equal" to "not equal"; italicised equal and not equal to match other rules;use "which stands for" throughout)
 
Line 1: Line 1:
''nftables'' provides the following built-in operations:
''nftables'' provides the following built-in operations:


* '''ne''' which stands for non equal. Alternatively you can use '''!='''.
* '''eq''' which stands for ''equal''. Alternatively you can use '''=='''.
* '''lt''' means ''less than''. Alternatively you can use '''<'''.
* '''ne''' which stands for ''not equal''. Alternatively you can use '''!='''.
* '''gt''' means ''greater than''. Alternatively you can use '''>'''.
* '''lt''' which stands for ''less than''. Alternatively you can use '''<'''.
* '''le''' means ''less than or equal to''. Alternatively you can use '''<='''.
* '''gt''' which stands for ''greater than''. Alternatively you can use '''>'''.
* '''ge''' means ''greater than or equal to''. Alternatively you can use '''>='''.
* '''le''' which stands for ''less than or equal to''. Alternatively you can use '''<='''.
* '''ge''' which stands for ''greater than or equal to''. Alternatively you can use '''>='''.


'''Beware''': if you use the symbols '''<''' and '''>''' from the shell since it will interpret those as the standard input and output redirection respectively. You will need to escape them, eg. '''\<'''.
'''Beware''': if you use the symbols '''<''' and '''>''' from the shell since it will interpret those as the standard input and output redirection respectively. You will need to escape them, eg. '''\<'''.

Latest revision as of 22:54, 15 August 2017

nftables provides the following built-in operations:

  • eq which stands for equal. Alternatively you can use ==.
  • ne which stands for not equal. Alternatively you can use !=.
  • lt which stands for less than. Alternatively you can use <.
  • gt which stands for greater than. Alternatively you can use >.
  • le which stands for less than or equal to. Alternatively you can use <=.
  • ge which stands for greater than or equal to. Alternatively you can use >=.

Beware: if you use the symbols < and > from the shell since it will interpret those as the standard input and output redirection respectively. You will need to escape them, eg. \<.

The following example shows how to match all incoming traffic not coming to port TCP/22. 

nft add rule filter input tcp dport != 22

Similarly, you can also match traffic coming to high ports with the following command: 

nft add rule filter input tcp dport >= 1024
Retrieved from "http://wiki.nftables.org/wiki-nftables/index.php?title=Building_rules_through_expressions&oldid=164"