Accepting and dropping packets

From nftables wiki
Revision as of 19:45, 13 July 2016 by Pablo

Dropping packets

You can use drop to drop packets. Note that drop is a terminating action: it ends the rule, so you cannot add any other action after it.

nft add rule filter output drop

Be careful when testing this: you will likely lose all Internet connectivity :-).

Accepting packets

A simple rule to accept any sort of traffic is:

nft add rule filter output accept

You can add counters to that rule:

nft add rule filter output counter accept

Listing the table then lets you check that all traffic is actually being accepted:

nft list table filter
table ip filter {
        chain output {
                 type filter hook output priority 0;
                 counter packets 1 bytes 84 accept
        }
}
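
As an added example (not part of the original wiki page or of the nftables project), the Python check below reads a ruleset written in the listing syntax shown above and reports two consequences of drop and accept being terminating: a statement placed after the verdict, and, going one step beyond the text, rules that follow a match-less accept or drop in the same chain and so never see a packet. The audit function, the constructed sample ruleset and the one-rule-per-line parsing are assumptions made for illustration.

```python
import re

TERMINATING = {"accept", "drop"}          # the two verdicts this page covers
NO_MATCH = TERMINATING | {"counter", "packets", "bytes"}  # tokens that select nothing

def audit(ruleset):
    """Return (chain, rule, problem) tuples for a ruleset in `nft list` syntax."""
    findings, chain, blocker = [], None, None
    for raw in ruleset.splitlines():
        line = raw.strip().rstrip(";")
        header = re.fullmatch(r"chain (\S+) \{", line)
        if header:                          # entering a chain: reset state
            chain, blocker = header.group(1), None
            continue
        if line == "}":                     # leaving a chain (or the table)
            chain = None
            continue
        if chain is None or not line or line.startswith(("type ", "policy ")):
            continue                        # table header, hook line, blank line
        tokens = line.split()
        if blocker:
            findings.append((chain, line, f"unreachable after '{blocker}'"))
        verdicts = [i for i, t in enumerate(tokens) if t in TERMINATING]
        if verdicts and verdicts[0] != len(tokens) - 1:
            findings.append((chain, line, "statement after terminating verdict"))
        # A rule with no match expression and a verdict applies to every packet.
        if verdicts and not blocker and all(t in NO_MATCH or t.isdigit() for t in tokens):
            blocker = line
    return findings

# Constructed sample ruleset, not taken from a live system.
SAMPLE = """\
table ip filter {
        chain output {
                 type filter hook output priority 0;
                 counter packets 1 bytes 84 accept
                 ip daddr 192.0.2.1 counter drop
        }
        chain input {
                 type filter hook input priority 0;
                 ip saddr 192.0.2.7 drop counter
                 counter drop
        }
}
"""

if __name__ == "__main__":
    for chain, rule, problem in audit(SAMPLE):
        print(f"{chain}: {rule!r}: {problem}")
```

The check only understands simple rules with accept or drop; verdicts inside maps and other verdict statements are outside its scope.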