Accepting and dropping packets

From nftables wiki

Dropping packets

You can use the drop statement to drop packets. Note that drop is a terminating action: it ends evaluation of the rule, so you cannot add any other action after it in the same rule.

nft add rule filter output drop

Beware when testing this: the rule drops all outgoing traffic, so you'll likely lose any Internet connectivity :-).

Accepting packets

A simple rule to accept any sort of traffic is:

nft add rule filter output accept

You can add counters to that rule:

nft add rule filter output counter accept

You can then list the table and check the counter to confirm that all traffic is actually accepted:

nft list table filter
table ip filter {
        chain output {
                type filter hook output priority 0;
                counter packets 1 bytes 84 accept
        }
}
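
The counter check above can be scripted. The following is an added example, not part of the nftables wiki: it reads `nft list table` output and reports each rule's counter by chain and verdict, which also shows the counter placed before the terminating verdict. The function names, the 192.0.2.1 drop rule and its numbers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-rule counters from `nft list table` output, by verdict.

# Constructed sample listing. The accept rule is the one shown above; the
# drop rule, its 192.0.2.1 match and its numbers are made up for illustration.
sample_listing() {
    cat <<'EOF'
table ip filter {
        chain output {
                type filter hook output priority 0;
                ip daddr 192.0.2.1 counter packets 7 bytes 588 drop
                counter packets 1 bytes 84 accept
        }
}
EOF
}

# Read a listing on stdin; print "chain verdict packets bytes" for every
# rule that carries a counter. Rules without accept/drop get "-".
rule_counters() {
    awk '
        $1 == "chain" { chain = $2; next }
        {
            for (i = 1; i + 4 <= NF; i++)
                if ($i == "counter" && $(i+1) == "packets" && $(i+3) == "bytes") {
                    verdict = ($NF == "accept" || $NF == "drop") ? $NF : "-"
                    print chain, verdict, $(i+2), $(i+4)
                }
        }'
}

# Read a listing on stdin; print the total packets counted by rules in
# chain $1 that end in verdict $2 (0 when nothing matches).
verdict_packets() {
    rule_counters | awk -v c="$1" -v v="$2" \
        '$1 == c && $2 == v { n += $3 } END { print n + 0 }'
}

# On a live system: nft list table filter | verdict_packets output drop
sample_listing | rule_counters
```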