blob: 122d2895ef622d7876d229639350dccaec7f3b8c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
#! nft -f
table add ip filter
chain add ip filter output NF_INET_LOCAL_OUT 0
# meta: skb len
rule add ip filter output meta length 1000 counter
# meta: skb protocol
rule add ip filter output meta protocol 0x0800 counter
# meta: skb mark
rule add ip filter output meta mark 0 counter
# meta: skb iif
rule add ip filter output meta iif 1 counter
# meta: skb iifname
rule add ip filter output meta iifname "eth0" counter
# meta: skb oif
rule add ip filter output meta oif 1 counter
# meta: skb oifname
rule add ip filter output meta oifname "eth0" counter
# meta: skb sk uid
rule add ip filter output meta skuid 1000 counter
# meta: skb sk gid
rule add ip filter output meta skgid 1000 counter
# meta: nftrace - broken, probably should be removed to avoid abuse
#rule add ip filter output meta nftrace 0 counter
# meta: rtclassid
rule add ip filter output meta rtclassid 1 counter
# meta: secmark
rule add ip filter output meta secmark 0 counter
|
