summaryrefslogtreecommitdiffstats
path: root/files/nftables/all-in-one.nft
blob: d3aa7f37f29f1fb5e26246939d99788a6183b97c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!@sbindir@nft -f

# Here is an example of different families, hooks and priorities in the
# nftables framework, all mixed together.
#
# more examples are located in files/examples in nftables source.
# For up-to-date information please visit https://wiki.nftables.org
#
# This script is mean to be loaded with `nft -f <file>`

# clear all prior state
flush ruleset

# native dual stack IPv4 & IPv6 family
include "./inet-filter.nft"
include "./inet-nat.nft"

# netdev family at ingress hook. Attached to a given NIC
include "./netdev-ingress.nft"

# IPv4 family, typical iptables tables/chains layout
include "./ipv4-filter.nft"
include "./ipv4-mangle.nft"
include "./ipv4-nat.nft"
include "./ipv4-raw.nft"

# IPv6 family, typical ip6tables tables/chains layout
include "./ipv6-filter.nft"
include "./ipv6-mangle.nft"
include "./ipv6-nat.nft"
include "./ipv6-raw.nft"

# ARP family, typical arptables tables/chain layout
include "./arp-filter.nft"

# bridge family, typical ebtables tables/chain layout
include "./bridge-filter.nft"