Accepting and dropping packets
Dropping packets
You can use the drop statement to drop packets. Note that drop is a terminating action, so you cannot add any other action after it in the same rule.
nft add rule filter output drop
Be careful when testing this: you will likely lose all Internet connectivity :-).
Accepting packets
A simple rule to accept any sort of traffic is:
nft add rule filter output accept
You can add counters to that rule:
nft add rule filter output counter accept
You can then check that all traffic is actually being accepted:
nft list table filter
table ip filter {
        chain output {
                type filter hook output priority 0;
                counter packets 1 bytes 84 accept
        }
}
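Added example (not part of the original wiki page): a shell helper that reads a table listing in the format shown above and reports the packet and byte counters per chain and verdict, so you can confirm which rule is actually matching traffic. The function names and the sample listing, including its input chain, are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format printed by `nft list table filter`.
# The output chain matches the listing above; the input chain is made up.
SAMPLE_LISTING='table ip filter {
        chain input {
                type filter hook input priority 0;
                counter packets 3 bytes 180 drop
        }
        chain output {
                type filter hook output priority 0;
                counter packets 1 bytes 84 accept
        }
}'

# verdict_counters: read a table listing on stdin and print one line per
# counted rule that ends in accept or drop:
#   <chain> <verdict> <packets> <bytes>
verdict_counters() {
    awk '
        $1 == "chain" { chain = $2 }
        {
            pk = ""; by = ""; verdict = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "packets") pk = $(i + 1)
                if ($i == "bytes")   by = $(i + 1)
                if ($i == "accept" || $i == "drop") verdict = $i
            }
            if (pk != "" && verdict != "") print chain, verdict, pk, by
        }'
}

# total_packets VERDICT: sum the packet counters of all rules with VERDICT.
total_packets() {
    verdict_counters | awk -v v="$1" '$2 == v { n += $3 } END { print n + 0 }'
}

# On a live system (as root): nft list table filter | verdict_counters
```

Running it twice a few seconds apart and comparing the numbers shows whether the accept or drop rule is the one seeing traffic.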