Art_Farm
User
I wanted to set up nftables for extra protection of my VDS. Here is the config, /etc/nftables.conf:
Code:
table inet filter {
    chain prerouting {
        type filter hook prerouting priority -150; policy accept;
        # Clamp the TCP MSS to the route MTU (requires kernel support for setting TCP options)
        tcp option maxseg size set rt mtu
    }
    chain input {
        type filter hook input priority 0; policy drop;
        # Loopback traffic
        ip saddr 127.0.0.0/8 accept
        ip6 saddr ::1/128 accept
        # Connection tracking
        ct state invalid drop
        ct state established,related accept
        # SSH
        tcp dport 22 ct state new,established accept
        # Ping (IPv4 and IPv6)
        ip protocol icmp icmp type echo-request accept
        icmpv6 type echo-request accept
        # Drop oversized packets
        meta length > 1500 drop
        # Rate-limited logging of everything else, then count and drop.
        # The limit statement must come before log; placed after it, every packet is logged.
        limit rate 10/minute log prefix "INPUT_DROP: "
        counter
        drop
    }
}
Everything seems correct, and I installed all the modules.
But when I run «nft -c -f /etc/nftables.conf», I get an error:
Code:
/etc/nftables.conf:4:9-41: Error: Could not process rule: Operation not supported
tcp option maxseg size set rt mtu
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:11:9-35: Error: Could not process rule: Operation not supported
ip saddr 127.0.0.0/8 accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:12:9-32: Error: Could not process rule: Operation not supported
ip6 saddr ::1/128 accept
^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:15:9-29: Error: Could not process rule: Operation not supported
ct state invalid drop
^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:16:9-43: Error: Could not process rule: Operation not supported
ct state established,related accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:19:9-52: Error: Could not process rule: Operation not supported
tcp dport 22 ct state new,established accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:25:9-54: Error: Could not process rule: Operation not supported
ip protocol icmp icmp type echo-request accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:26:9-39: Error: Could not process rule: Operation not supported
icmpv6 type echo-request accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:29:9-31: Error: Could not process rule: Operation not supported
meta length > 1500 drop
^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:32:9-54: Error: Could not process rule: Operation not supported
log prefix "INPUT_DROP: " limit rate 10/minute
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables.conf:33:9-15: Error: Could not process rule: Operation not supported
counter
^^^^^^^
/etc/nftables.conf:34:9-12: Error: Could not process rule: Operation not supported
drop
^^^^
Who can help? Please give me instructions for configuring it correctly.
The kernel is Linux and the OS is Ubuntu.
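An added diagnostic script, not from the original post, that reads the output of `nft -c -f` quoted above and separates a kernel that cannot use nf_tables at all (every rule fails with "Operation not supported", as in this post) from a single unsupported expression or a plain syntax error. The live checks assume an Ubuntu host where /boot/config-$(uname -r), lsmod and modprobe are available, and only run when NFT_DIAG=1 is set.

```shell
#!/bin/sh
# Diagnostic helper for "Operation not supported" from nft -c -f (added example).

# Count nft error lines and how many of them are "Operation not supported"
# (a kernel/module problem, not a syntax error). Reads nft's stderr on stdin,
# prints "<total> <unsupported>".
nft_error_summary() {
    awk '
        /: Error: /                                              { total++ }
        /Error: Could not process rule: Operation not supported/ { unsupported++ }
        END { printf "%d %d\n", total + 0, unsupported + 0 }
    '
}

# Classify the summary: every rule failing the same way points at the kernel,
# one failing rule points at that specific expression.
nft_diagnose() {
    summary=$(nft_error_summary)
    total=${summary% *}
    unsupported=${summary#* }
    if [ "$total" -eq 0 ]; then
        echo "ok"
    elif [ "$unsupported" -eq "$total" ] && [ "$total" -gt 1 ]; then
        echo "kernel"       # nf_tables unusable: missing modules or a container kernel
    elif [ "$unsupported" -gt 0 ]; then
        echo "expression"   # one expression not supported by this kernel/nft version
    else
        echo "syntax"
    fi
}

# Live checks on the host (paths are assumptions for an Ubuntu VDS).
nft_kernel_checks() {
    uname -r
    grep -E '^CONFIG_NF_TABLES(_INET)?=' "/boot/config-$(uname -r)" 2>/dev/null
    lsmod | grep -E '^nf_tables|^nft_' || echo "no nf_tables modules loaded"
    modprobe -n nf_tables 2>&1 || echo "nf_tables module unavailable (container kernel?)"
    nft -c -f /etc/nftables.conf 2>&1 | nft_diagnose
}

if [ "${NFT_DIAG:-0}" = 1 ]; then
    nft_kernel_checks
fi
```

Run it as `NFT_DIAG=1 sh nft-diag.sh`; a result of "kernel" means the ruleset itself is not the problem and the VDS kernel (or the hosting container) has to provide nf_tables support first.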