Projet

Général

Profil

Révision 01f33f80

ID01f33f80394088766bfe7e89d9f56f5a52c12501
Parent 6824a5a3
Enfant 647b2d5c

Ajouté par Antoine Beaupré il y a plus de 2 ans

cleanup: more style and markup editing

Voir les différences:

README.md
37 37 
be purged if not managed anymore.
38 38 

  		




  39
  39
  
    
The main configuration file includes dedicated files for


  		




  40
  
  
    
the filter and nat tables, as well as processes any


  		




  
  40
  
    
the filter and NAT tables, as well as processes any


  		




  41
  41
  
    
`custom-*.nft` files before hand.


  		




  42
  42
  
    

  		




  43
  43
  
    
The filter and NAT tables both have all the master chains


  		




  44
  
  
    
(INPUT, OUTPUT, FORWARD in case of filter and PREROUTING


  		




  45
  
  
    
and POSTROUTING in case of NAT) configured, to which you


  		




  
  44
  
    
(`INPUT`, `OUTPUT`, `FORWARD` in case of filter and `PREROUTING`


  		




  
  45
  
    
and `POSTROUTING` in case of NAT) configured, to which you


  		




  46
  46
  
    
can hook in your own chains that can contain specific


  		




  47
  47
  
    
rules.


  		




  48
  48
  
    

  		




  49
  49
  
    
All filter masterchains drop by default.


  		




  50
  
  
    
By default we have a set of default_MASTERCHAIN chains


  		




  
  50
  
    
By default we have a set of `default_MASTERCHAIN` chains


  		




  51
  51
  
    
configured to which you can easily add your custom rules.


  		




  52
  52
  
    

  		




  53
  53
  
    
For specific needs you can add your own chain.


  		




  ......




  55
  55
  
    
There is a global chain, that defines the default behavior


  		




  56
  56
  
    
for all masterchains. This chain is empty by default.


  		




  57
  57
  
    

  		




  58
  
  
    
INPUT and OUTPUT to the loopback device is allowed by


  		




  
  58
  
    
`INPUT` and `OUTPUT` to the loopback device is allowed by


  		




  59
  59
  
    
default, though you could restrict it later.


  		




  60
  60
  
    

  		




  61
  61
  
    
On the other hand, if you don't want any of the default tables, chains


  		




  62
  62
  
    
and rules created by the module, you can set `nftables::inet_filter`


  		




  63
  63
  
    
and/or `nftables::nat` to `false` and build your whole nftables


  		




  64
  64
  
    
configuration from scratch by using the building blocks provided by


  		




  65
  
  
    
this module. Looking at `nftables::inet_filter` for inspiration might


  		




  66
  
  
    
be a good idea.


  		




  
  65
  
    
this module. Look at `nftables::inet_filter` for inspiration.


  		




  67
  66
  
    

  		




  68
  67
  
    
## Rules Validation


  		




  69
  68
  
    

  		












Formats disponibles :  Unified diff