Current system:
- Distribution: Ubuntu 20.04
- Kernel: 5.4.0-124-generic
- nft: nftables v0.9.3 (Topsy)
I'm a beginner learning nftables, and this is my current nft ruleset:
taxmd-dh016d-02: Wed Sep 21 12:09:08 2022
$ sudo nft list ruleset
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
ip daddr 192.168.0.1 drop
}
}
I want to delete ip daddr 192.168.0.1 drop
from the output chain. I tried the following:
sudo nft del rule inet filter output ip daddr 192.168.0.1 drop
sudo nft delete rule inet filter output ip daddr
sudo nft 'delete element ip daddr 192.168.0.1 drop'
sudo nft 'delete element ip'
sudo nft delete rule filter output ip daddr 192.168.0.1 drop
but none of them work, and I keep getting this error:
Error: syntax error, unexpected inet
delete inet filter chain output ip daddr 192.168.0.1 drop
^^^^
Why can't I delete a specific element? I thought this would be straightforward, but I'm missing something.
The wiki says what you're trying hasn't been implemented yet: you have to get the handle in order to delete a rule. The example is:
With -a the assigned handle "5" is shown as a comment, so you can
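Added example, not part of the question or the answer above: the lookup step that `nft delete rule ... handle N` requires, done against a constructed copy of what `sudo nft -a list ruleset` prints for the questioner's ruleset once `-a` is used. The handle numbers (1, 2, 3, 5) in the sample are assumed; real ones vary per box and change after a flush or reload. The script only builds the delete command and prints it, so it runs without root or a live nftables kernel; the `rule_handle` and `delete_command` helpers are this example's own, not part of nft.

```shell
#!/bin/bash
# Constructed sample of `sudo nft -a list ruleset` for the ruleset in the
# question (assumed handle numbers). With -a, nft appends "# handle N" to
# every table, chain and rule line.
SAMPLE_RULESET='table inet filter { # handle 1
    chain input { # handle 1
        type filter hook input priority filter; policy accept;
    }
    chain forward { # handle 2
        type filter hook forward priority filter; policy accept;
    }
    chain output { # handle 3
        type filter hook output priority filter; policy accept;
        ip daddr 192.168.0.1 drop # handle 5
    }
}'

# rule_handle <listing> <chain> <rule text>
# Prints the handle of the first rule whose text matches exactly inside the
# named chain; prints nothing and returns 1 when no such rule exists.
rule_handle() {
    listing=$1; chain=$2; rule=$3
    printf '%s\n' "$listing" | awk -v chain="$chain" -v rule="$rule" '
        # "chain output { # handle 3" opens the block we care about
        $1 == "chain" && $2 == chain { inside = 1; next }
        # a lone closing brace ends that block
        inside && $1 == "}"          { inside = 0 }
        inside {
            # split "<rule text> # handle <n>" at the handle comment
            n = index($0, "# handle ")
            if (n == 0) next
            text = substr($0, 1, n - 1)
            sub(/^[ \t]+/, "", text); sub(/[ \t]+$/, "", text)
            if (text == rule) { print substr($0, n + 9); found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# delete_command <family> <table> <chain> <handle>
# Builds the command the wiki prescribes; deletion by rule text is not
# supported, the handle is the only accepted selector.
delete_command() {
    printf 'nft delete rule %s %s %s handle %s\n' "$1" "$2" "$3" "$4"
}

# Look the handle up immediately before deleting: it is only valid while
# that rule exists, and a flush/reload assigns fresh numbers.
main() {
    h=$(rule_handle "$SAMPLE_RULESET" output 'ip daddr 192.168.0.1 drop') || {
        echo "rule not found in chain output" >&2; return 1; }
    delete_command inet filter output "$h"
    # on the real system: sudo $(delete_command inet filter output "$h")
}
main
```

On a real host the listing comes from `sudo nft -a list ruleset` (or, narrower, `sudo nft -a list chain inet filter output`); pipe that into `rule_handle` instead of the sample. Matching is on the exact rule text as nft prints it, so copy the rule from the listing rather than retyping it, and re-run the lookup rather than caching a handle across rule changes.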