OpenWRT Switches From iptables To nftables!

So after many years of using and learning iptables, one of my favourite firewalls, I had to translate my command-line ruleset into a new format and syntax. It wasn't too bad, but with the added power and flexibility of nftables it can be harder to find the order and priority of the rules for a given filter hook, for example input. However, I really appreciate how the new firewall incorporates some features that I previously had to install as iptables modules, like ipset and hashlimit, the latter being what provided the rate-limiting functionality!

# Print every chain attached to one netfilter hook (input, forward, output, ...)
# as nft lists it, with the "counter packets N bytes M" fields stripped so the
# rules are easier to read. Each chain on that hook is printed as its own block.
hook="input"
nft list ruleset                               \
  | sed -e 's/counter.*[0-9]//g'               \
  | tr '\t' ' ' | tr '\r\n' '~' | tr '{}' '\n' \
  | grep -i "hook.${hook}"                     \
  | tr '~' '\n'                                \
  | grep -i '[a-z]'                            \
  | sed -e 's/^[ ]*//'

type filter hook input priority filter; policy accept;
iifname "lo"  accept
iifname "lan" udp dport 67  accept
iifname "wan" ct state established,related  accept
drop
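The pipeline above prints the chains on a hook in whatever order nft lists them, but the kernel evaluates base chains on the same hook in ascending priority order, and nft prints priorities as names (raw, mangle, filter, ...) or as expressions like "filter + 10". The script below is an added example, not code from the post or from OpenWRT: it parses a ruleset in `nft list ruleset` format and prints the chains on the requested hook in evaluation order with counters removed. The ruleset it parses is constructed for the example (table name `demo`, the `blocklist` set, the addresses and the `rules_for_hook` function are all assumptions); it also shows the nftables counterparts of the two iptables add-ons the post mentions, a native set referenced as `@blocklist` in place of ipset and a `limit rate` statement in place of hashlimit.

```shell
#!/bin/sh
# Added example (not from the original post). Lists the base chains attached to
# one netfilter hook in evaluation order (ascending priority). The ruleset below
# is CONSTRUCTED for this example in the format `nft list ruleset` prints; it is
# not a real fw4 dump. It assumes one rule per line and ip/ip6/inet priorities.
SAMPLE_RULESET='table inet demo {
	set blocklist {
		type ipv4_addr
		flags interval
		elements = { 192.0.2.0/24, 198.51.100.7 }
	}

	chain input {
		type filter hook input priority filter; policy drop;
		iifname "lo" accept
		ct state established,related accept
		iifname "wan" ip saddr @blocklist counter packets 12 bytes 640 drop
		iifname "wan" tcp dport 22 limit rate 10/minute burst 5 packets accept
		iifname "lan" udp dport 67 accept
	}

	chain mangle_input {
		type filter hook input priority mangle; policy accept;
		meta l4proto icmp counter packets 3 bytes 84 accept
	}

	chain late_input {
		type filter hook input priority filter + 10; policy accept;
		ip saddr 10.0.0.0/8 log prefix "rfc1918-on-input: "
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		ct state established,related accept
	}
}'

# rules_for_hook HOOK  (ruleset on stdin)
# Prints a "# chain NAME (hook HOOK, priority P)" header per matching base chain,
# followed by that chain's rules, ordered by numeric priority. Chains that share
# a priority keep their listing order, which is all this script can know.
rules_for_hook() {
  awk -v hook="$1" '
    BEGIN {
      # named priorities for the ip, ip6 and inet families (bridge differs)
      p["raw"] = -300; p["mangle"] = -150; p["dstnat"] = -100
      p["filter"] = 0;  p["security"] = 50; p["srcnat"] = 100
      inchain = 0; nchain = 0
    }
    {
      line = $0
      sub(/^[ \t]+/, "", line)                                 # drop indentation
      gsub(/counter packets [0-9]+ bytes [0-9]+ ?/, "", line)  # drop counters
    }
    line ~ /^chain [^ ]+ [{]$/ {                               # chain header
      inchain = 1; nchain++; seq = 0; hit = 0
      cname = line; sub(/^chain /, "", cname); sub(/ [{]$/, "", cname)
      next
    }
    inchain && line == "}" { inchain = 0; next }               # chain end
    inchain && line ~ /^type [a-z]+ hook [a-z]+ priority / {  # base chain
      split(line, f, " ")
      if (f[4] != hook) next                                   # other hook: skip
      shown = line; sub(/.*priority /, "", shown); sub(/;.*/, "", shown)
      n = split(shown, t, " ")                                 # "filter", "-150", "filter + 10"
      base = (t[1] in p) ? p[t[1]] : t[1] + 0
      prio = (n == 3 && t[2] == "-") ? base - t[3] : (n == 3 ? base + t[3] : base)
      hit = 1
      printf "%d %d %d # chain %s (hook %s, priority %s)\n", prio, nchain, seq++, cname, hook, shown
    }
    inchain && hit && line != "" {                             # rule lines, in order
      printf "%d %d %d %s\n", prio, nchain, seq++, line
    }
  ' | sort -k1,1n -k2,2n -k3,3n | cut -d' ' -f4-
}

# Stand-alone usage: show the input hook (or the hook given as first argument).
printf '%s\n' "$SAMPLE_RULESET" | rules_for_hook "${1:-input}"
```

On a router the sample would be replaced by `nft list ruleset | rules_for_hook input`. The sort key is the priority the kernel actually uses, so `mangle_input` (-150) is listed before `input` (0) and `late_input` (10), which is the order a packet traverses them; a `drop` in an earlier chain ends evaluation, while `accept` only finishes that chain and lets the packet continue to the next one on the hook.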
