nft ã§æŒ‡å®šä½ç½®ã«insert ã™ã‚‹
æ—¢å˜ã®ãƒ«ãƒ¼ãƒ«ãŒæ¬¡ã®ã‚ˆã†ã«ãªã£ã¦ã„ã‚‹ã¨ã
table inet fw4 {
chain forward { # handle 2
type filter hook forward priority filter; policy drop;
$EXISTS_RULE # handle 2340
$EXISTS_RULE # handle 2341
$EXISTS_RULE # handle 2345
$EXISTS_RULE # handle 2346
jump handle_reject # handle 2352
}
}
指定ä½ç½®(jump handle_reject 2532 ) ã®ç›´å‰ã«ãƒ«ãƒ¼ãƒ«ã‚’入れãŸã„
nft insert rule inet fw4 forward position 2352 mark 666 counter accept
çµæžœã¯æ¬¡ã®ã‚ˆã†ã«ãªã£ã¦ã„ã‚‹
table inet fw4 {
chain forward { # handle 2
type filter hook forward priority filter; policy drop;
$EXISTS_RULE # handle 2340
$EXISTS_RULE # handle 2341
$EXISTS_RULE # handle 2345
$EXISTS_RULE # handle 2346
meta mark 0x0000029a accept # handle 2563 <=== 挿入
jump handle_reject # handle 2352
}
}
HANDLEを探ã™
末尾ã®ä¸€ã¤å‰ã«å…¥ã‚ŒãŸã„ã¨ãã€ç‰¹å®šã®ãƒ«ãƒ¼ãƒ«ã®ç›´å‰ã«å…¥ã‚ŒãŸã„ã¨ããªã©ã‚ã‚‹ã ã‚ã†ãŒã€grep ã—ã¦æŽ¢ã™ã—ã‹ç„¡ã„。
GREPã§ãるよã†ãªã‚³ãƒ¡ãƒ³ãƒˆãŒã¨ã¦ã‚‚é‡è¦ã«ãªã£ã¦ãる。
TBL='inet fw4' CHAIN='foward' UNIQUE='handle_reject' nft -a list chain $TBL $CHAIN | grep handle_reject | grep -oP '(?<=handle )+\d+'
ユニークãªã‚³ãƒ¡ãƒ³ãƒˆãŒæœ‰ã‚‹ã¨ã€ãƒãƒ³ãƒ‰ãƒ«æŽ¢ç´¢ãŒæ¥½ã€‚
TBL='my_table' UNIQUE_COMMENT=':Quu9xeik' nft -a list table $TBL | grep $UNIQUE_COMMENT | grep -oP '(?<=handle )+\d+'
直後ã¯ADD
insert ã®å¤‰ã‚ã‚Šã«ã€ADDã‚‚ã§ãã‚‹
nft add rule $TBL $CHAIN position 2352 mark 666 counter accept
指定ä½ç½®ã®insertãŒä¾¿åˆ©
特定ã®ãƒ«ãƒ¼ãƒ«ã®ç›´å‰ã«æŒ¿å…¥ï¼ˆINSERT)ã¨ç‰¹å®šã®ãƒ«ãƒ¼ãƒ«ã®ç›´å¾Œã«è¿½åŠ (ADD)をãŒã§ãã‚‹ã®ã¯ã€nftã®ç‰¹å¾´ã§ä¾¿åˆ©ã€‚
ファイアウォールã¯å…ˆé ã®ä¸€ã¤ã‚ã¨ã‚„末尾ã®ï¼‘ã¤ã¾ãˆã‚’よã使ã†ã¨æ€ã†ã®ã§ã€ã‚ˆã使ã†æŒ¿å…¥ç®‡æ‰€ã¯ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆå‡ºæ¥ã¦ã»ã—ã„ã¨ã“ã‚・・・悩ã¾ã—ã„。
