blob: 97582aa10e75ce12d46d87fec4d648cdf6796955 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
#! nft -f
add table ip filter
add chain ip filter output NF_INET_LOCAL_OUT 0
# meta: skb len
add rule ip filter output meta length 1000 counter
# meta: skb protocol
add rule ip filter output meta protocol 0x0800 counter
# meta: skb mark
add rule ip filter output meta mark 0 counter
# meta: skb iif
add rule ip filter output meta iif 1 counter
# meta: skb iifname
add rule ip filter output meta iifname "eth0" counter
# meta: skb oif
add rule ip filter output meta oif 1 counter
# meta: skb oifname
add rule ip filter output meta oifname "eth0" counter
# meta: skb sk uid
add rule ip filter output meta skuid 1000 counter
# meta: skb sk gid
add rule ip filter output meta skgid 1000 counter
# meta: nftrace - broken, probably should be removed to avoid abuse
#add rule ip filter output meta nftrace 0 counter
# meta: rtclassid
add rule ip filter output meta rtclassid 1 counter
# meta: secmark
add rule ip filter output meta secmark 0 counter
|
