Firewall
如何刪除 nftables 鏈中的特定元素?
目前系統:
- 發行版:Ubuntu 20.04
- 核心:5.4.0-124-generic
- nft: nftables v0.9.3 (Topsy)
我是新手,正在學習 nftables,這是我目前的 nft 規則集:
$sudo nft list ruleset taxmd-dh016d-02: Wed Sep 21 12:09:08 2022 table inet filter { chain input { type filter hook input priority filter; policy accept; } chain forward { type filter hook forward priority filter; policy accept; } chain output { type filter hook output priority filter; policy accept; ip daddr 192.168.0.1 drop } }我想
ip daddr 192.168.0.1 drop從輸對外連結中刪除。我嘗試了以下方法:sudo nft del rule inet filter output ip daddr 192.168.0.1 drop sudo nft delete rule inet filter output ip daddr sudo nft 'delete element ip daddr 192.168.0.1 drop' sudo nft 'delete element ip' sudo nft delete rule filter output ip daddr 192.168.0.1 drop但沒有任何效果,我不斷收到此錯誤:
Error: syntax error, unexpected inet delete inet filter chain output ip daddr 192.168.0.1 drop ^^^^為什麼我不能刪除特定元素?我認為這將是直截了當的,但我錯過了一些東西。
wiki說您嘗試的內容尚未實現:您必須獲取句柄才能刪除規則。例子是:
$ sudo nft -a list table inet filter table inet filter { ... chain output { type filter hook output priority 0; ip daddr 192.168.1.1 counter packets 1 bytes 84 # handle 5 } }將
-a分配的句柄“5”顯示為註釋,因此您可以$ sudo nft delete rule filter output handle 5