
Re: nftables default rules package



On 11 December 2022, Andre Rodier wrote:

> However, IMHO, it would be better to create an empty directory, for instance /etc/nftables or /etc/nftables/rules,
> and to include this directory from /etc/nftables.conf.
>
> That way, we could place any rules in a directory, which is the way nftables works better, compared to say, iptables.

As I understand, nftables.conf serves to save the setup for the next boot with:
nft -s list ruleset > /etc/nftables.conf
And this save needs to not be automatic, to prevent erroneous rules from being kept
after reboot.
So if /etc/nftables/rules/ is included in /etc/nftables.conf, it implies
experimenting elsewhere and saving separate files in /etc/nftables/rules/ after
testing.

But a default /etc/nftables/rules/ would be great with some defaults, for
example the basics found on
https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_workstation
and/or
https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_server
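As an added example (not code from this thread or from the nftables project), here is one way to stage the layout discussed above: a thin /etc/nftables.conf that includes /etc/nftables/rules/, one basic workstation ruleset file, and a syntax check with `nft -c` so a rules file is validated before it is dropped into the included directory. The directory path comes from the thread; the file name 10-workstation.nft, the staging prefix argument and the wildcard include are assumptions.

```shell
#!/bin/sh
# Added example: stage the loader + rules-directory layout and check a rules
# file without touching the running ruleset. "$1" is an assumed prefix
# (e.g. a temporary directory) so the layout can be prepared and tested
# somewhere other than the live /etc.

# Write the loader: flush the kernel ruleset, then include every *.nft file
# from the rules directory (glob includes are assumed to be supported).
write_loader() {
    root="$1"
    mkdir -p "$root/etc/nftables/rules"
    cat > "$root/etc/nftables.conf" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
include "/etc/nftables/rules/*.nft"
EOF
}

# Write a basic workstation ruleset as one file in the rules directory:
# drop inbound by default, allow loopback, established/related and ICMP.
write_workstation_rules() {
    root="$1"
    mkdir -p "$root/etc/nftables/rules"
    cat > "$root/etc/nftables/rules/10-workstation.nft" <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output priority 0; policy accept; }
}
EOF
}

# Parse-check a rules file with `nft -c -f` (nothing is applied).
# Returns 0 if it parses, non-zero on a syntax error, 2 if nft is absent.
check_rules_file() {
    command -v nft >/dev/null 2>&1 || return 2
    nft -c -f "$1"
}
```

Usage: source the file, run `write_loader` and `write_workstation_rules` with a staging prefix, run `check_rules_file` on each staged rules file, and only then copy the files under the real /etc and load them with `nft -f /etc/nftables.conf`.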

