{ "nftables": [ { "metainfo": { "version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1 } }, { "table": { "family": "ip", "name": "x", "handle": 0 } }, { "chain": { "family": "ip", "table": "x", "name": "y", "handle": 0 } }, { "rule": { "family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "daddr" } }, "right": "172.30.33.70" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 3306 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [ { "match": { "op": "==", "left": { "concat": [ { "meta": { "key": "l4proto" } }, { "payload": { "protocol": "ip", "field": "daddr" } }, { "payload": { "protocol": "tcp", "field": "dport" } } ] }, "right": { "set": [ { "concat": [ "tcp", "172.30.238.117", 8080 ] }, { "concat": [ "tcp", "172.30.33.71", 3306 ] }, { "concat": [ "tcp", "172.30.254.251", 3306 ] } ] } } }, { "counter": { "packets": 0, "bytes": 0 } }, { "reject": { "type": "icmp", "expr": "port-unreachable" } } ] } }, { "rule": { "family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "daddr" } }, "right": "172.30.254.252" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 3306 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "reject": { "type": "tcp reset" } } ] } }, { "table": { "family": "ip6", "name": "x", "handle": 0 } }, { "chain": { "family": "ip6", "table": "x", "name": "y", "handle": 0 } }, { "rule": { "family": "ip6", "table": "x", "chain": "y", "handle": 0, "expr": [ { "match": { "op": "==", "left": { "concat": [ { "meta": { "key": "l4proto" } }, { "payload": { "protocol": "ip6", "field": "daddr" } }, { "payload": { "protocol": "tcp", "field": "dport" } } ] }, "right": { "set": [ { "concat": [ "tcp", "aaaa::3", 8080 ] }, { "concat": [ "tcp", "aaaa::2", 3306 ] }, { "concat": [ "tcp", "aaaa::4", 3306 ] } ] } } }, { "counter": { "packets": 0, "bytes": 0 } }, { "reject": { "type": "icmpv6", "expr": "port-unreachable" } } ] } }, { "rule": { "family": "ip6", "table": "x", "chain": "y", "handle": 0, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "daddr" } }, "right": "aaaa::5" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 3306 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "reject": { "type": "tcp reset" } } ] } } ] }